There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Phishing Eager Travelers
September 15, 2021
Threat actors have always been adept at keeping abreast of worldwide trends – ranging from geopolitical to technical – and rapidly exploiting these trends for their benefit. The current pandemic is no exception. Unit 42 has previously reported on how cybercriminals have preyed on consumers during COVID-19 and on the use of COVID-19 themed phishing ...
- The state of ransomware: national emergencies and million-dollar blackmail
September 14, 2021
Banks have been “disproportionately affected” by a surge in ransomware attacks, clocking a 1,318% increase year-on-year in 2021. Ransomware has become one of the most well-known and prevalent threats against the enterprise today. This year alone, we have seen high-profile cases of ransomware infection — including against Colonial Pipeline, Kaseya, and Ireland’s health service — cause ...
- Brazil debates creation of national strategy to tackle cybercrime
September 13, 2021
Amid growing concerns about increasing threats in the cybersecurity space, the Brazilian government and the banking sector are discussing the creation of a strategy to address crime in digital environments. The president at the Brazilian Federation of Banks (FEBRABAN), Isaac Sidney, and the Minister of Justice and Public Security, Anderson Torres, have started negotiations for the ...
- BlackMatter ransomware hits medical technology giant Olympus
September 13, 2021
Olympus, a leading medical technology company, is investigating a “potential cybersecurity incident” that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries. The company’s camera, audio recorder, and binocular divisions ...
- Windows MSHTML zero-day exploits shared on hacking forums
September 12, 2021
Threat actors are sharing Windows MSHTML zero-day (CVE-2021-40444) tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a ...
- REvil ransomware is back in full attack mode and leaking data
September 11, 2021
The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site. Since 2019, the REvil ransomware operation, aka Sodinokibi, has been conducting attacks on organizations worldwide where they demand million-dollar ransoms to receive a decryption key and prevent the leaking of stolen files. While in ...