There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Coinbase hackers exploit multi-factor flaw to steal from 6,000 customers
October 2, 2021
Bad actors were able to infiltrate the accounts of and steal cryptocurrency from around 6,000 Coinbase customers by exploiting a multi-factor authentication flaw, according to Bleeping Computer. The cryptocurrency exchange told the publication that its security team observed a large-scale phishing campaign targeting its users between April and early May 2021. Some users may have ...
- 3.1M Neiman Marcus Customer Card Details Breached
October 1, 2021
Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just this week, Neiman Marcus acknowledged the compromise, ...
- Hydra malware targets customers of Germany’s second largest bank
October 1, 2021
The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germany’s second-largest financial institution. MalwareHunterTeam has spotted the two-year-old malware in a new distribution campaign that targets German users with a malicious APK named ‘Commerzbank Security’ and using the same icon as the official app. Read more… Source: Bleeping Computer
- Ransomware gangs are complaining that other crooks are stealing their ransoms
September 30, 2021
Cyber criminals using a ransomware-as-a-service scheme have been spotted complaining that the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves. REvil is one of the most notorious and most common forms of ransomware around and has been responsible for several major incidents. The group behind REvil ...
- Credential Harvesting at Scale Without Malware
September 30, 2021
While ransomware and ransomware-as-a-service (RaaS) attacks have dominated much of the cybersecurity community’s discussions over the past several months, criminals and hackers continue to compromise corporate, business and personal emails for financial gain. These scams, business email compromise (BEC) and personal email account compromise (EAC), continue to be the most pervasive and costly reported cyberthreats ...
- Fake Installers Drop Malware and Open Doors for Opportunistic Attackers
September 27, 2021
It is widely known that with regard to cybersecurity, a user is often identified as the weakest link. This means that they become typical entry vectors for attacks and common social-engineering targets for hackers. Enterprises can also suffer from these individual weak links. Employees are sometimes unaware of online threats, or are unfamiliar with cybersecurity ...