There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- After ransomware attack, global logistics firm Hellmann warns of scam calls and mail
December 20, 2021
German logistics giant Hellmann has warned its customers and partners to be on the lookout for fraudulent calls and mail after the company was hit with a ransomware attack two weeks ago. In an update about the cyberattack that initially forced them to remove all connections to their central data center, the company said business operations ...
- Scammers grabbed $7.7 billion worth of cryptocurrency in 2021, say researchers
December 20, 2021
Cryptocurrency-based scammers and cyber criminals netted a whopping $7.7 billion worth of cryptocurrency from victims in 2021, marking an 81% rise in losses compared to 2020, according to blockchain analysis firm, Chainalysis. Some $1.1 billion of the $7.7 billion in losses were attributed to a single scheme which allegedly targeted Russia and Ukraine, it said. “As the ...
- Log4j vulnerability now used to install Dridex banking malware
December 20, 2021
Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims. However, over time, the malware has evolved to be a loader that downloads various modules that can ...
- Russian hackers leak confidential UK police data on the ‘dark web’ after their ransom was rejected
December 19, 2021
Confidential information held by some of Britain’s police forces has been stolen by Russian hackers in an embarrassing security breach, The Mail on Sunday can reveal. The cyber-criminal gang Clop has released some of the material it plundered from an IT firm that handles access to the police national computer (PNC) on the so-called ‘dark web’ ...
- Conti Ransomware Gang: An Overview
December 18, 2021
Conti ransomware stands out as one of the most ruthless of the dozens of ransomware gangs that we follow. The group has spent more than a year attacking organizations where IT outages can have life-threatening consequences: hospitals, 911 dispatch carriers, emergency medical services and law enforcement agencies. Ireland has yet to recover from an attack ...
- Hive ransomware enters big league with hundreds breached in four months
December 16, 2021
The Hive ransomware gang is more active and aggressive than its leak site shows, with affiliates attacking an average of three companies every day since the operation became known in late June. Security researchers gleaning information straight from Hive’s administrator panel found that affiliates had breached more than 350 organizations over four months. The gang’s data leak ...