BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict


There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.

This lull also saw the leak of Black Basta chat logs in February 2025, which indicated internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, are now assessed as likely initial access brokers who may have provided historical access for Black Basta and/or FIN7 affiliates.

Source: Rapid7

