There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Panasonic admits intruders were inside its servers for months
November 30, 2021
Japanese industrial giant Panasonic has admitted it’s been popped, and badly. A November 26 statement from the company admits that its network “was illegally accessed by a third party on November 11, 2021”. That date has since been revised – the company now says it became aware of the intrusion on the 11th, but that ...
- Dark web market Cannazon shuts down after massive DDoS attack
November 29, 2021
Cannazon, one of the largest dark web marketplaces for buying marijuana products, shut down last week after suffering a debilitating distributed denial of service attack. As the admins explained in a message signed with the market’s PGP key, they are officially retiring and claim not to be pulling an exit scam on their vendors. The admins posted ...
- WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019
November 29, 2021
This February, during our hunting efforts for threat actors using VBS/VBA implants, Kaspersky researchers came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant. The implant itself is a VBS script with functionality to collect system information and execute arbitrary code sent by the attackers on the ...
- Wind turbine maker Vestas confirms recent security incident was ransomware
November 29, 2021
Wind turbine maker Vestas says “almost all” of its IT systems are finally up and running 10 days after a security attack by criminals, confirming that it had indeed fallen victim to ransomware. Alarm bells rang the weekend before last when the Danish organisation said it had identified a “cyber security incident” and closed off parts ...
- Interpol: More than 1,000 arrests and USD 27 million intercepted in massive financial crime crackdown
November 26, 2021
LYON, France – An operation coordinated by INTERPOL codenamed HAECHI-II saw police arrest more than 1,000 individuals and intercept a total of nearly USD 27 million of illicit funds, underlining the global threat of cyber-enabled financial crime. Taking place over four months from June to September 2021, Operation HAECHI-II brought together specialized police units from 20 ...
- IKEA email systems hit by ongoing cyberattack
November 26, 2021
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails. A reply-chain email attack is when threat actors steal legitimate corporate email and then reply to them with links to malicious documents that install malware on recipients’ devices. As the reply-chain emails are legitimate emails from a ...