There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Indonesia c.bank says ransomware attack did not impact services
January 20, 2022
Indonesia’s central bank said on Thursday that it had been attacked last month by ransomware, but the risk from the attack had been mitigated and did not affect its public services. “We were attacked, but so far so good as we took anticipatory measures and most importantly public services at Bank Indonesia were not disrupted at ...
- SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack
January 20, 2022
Fortune 500 integrated services firm R.R.Donnelley & Sons (RRD) is the latest victim of the hacking collective known as the Conti Group. According to regulatory disclosures RRD was the victim of a network breach that resulted in stolen data in December. RRD, a global firm with 33,000 employees, disclosed incident details in its U.S. Securities and ...
- Biden warns of US ‘cyber’ response after Ukraine says computers wiped during attack
January 20, 2022
US President Joe Biden responded forcefully to reports of a wide-ranging cyberattack on Ukrainian government systems Wednesday afternoon, telling reporters that the US would respond with its own cyberattacks if Russia continues to target Ukraine’s digital infrastructure. “The question is if it’s something significantly short of an…invasion or major military forces coming across,” Biden said in ...
- Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data
January 20, 2022
The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ “highly vulnerable” people that were stolen from a program used to reunite family members split apart by war, disaster or migration. “While we don’t know who is responsible for this attack, or why they carried it out, we ...
- CISA: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats
January 18, 2022
Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple sectors of the economy. Most recently, public and private entities in Ukraine ...
- Brazilian Ministry of Health recovers systems over a month after cyberattack
January 18, 2022
After a major cyberattack brought key systems of Brazil’s Ministry of Health (MoH) to a halt, the department has reported all its platforms are back online. According to a statement released by the MoH on Friday (14), most systems have been reestablished following a cyberattack in early December 2021, including ConecteSUS, which holds COVID-19 vaccination data. ...