There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Ecuador’s state-run CNT telco hit by RansomEXX ransomware
July 17, 2021
Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support. CNT is Ecuador’s state-run telecommunication carrier that offers fixed-line phone service, mobile, satellite TV, and internet connectivity. Read more… Source: Bleeping Computer
- Toddler mobile banking malware surges across Europe
July 16, 2021
Researchers have provided a deep dive into Toddler, a new Android banking Trojan that is surging across Europe. In a report shared with ZDNet, the PRODAFT Threat Intelligence (PTI) team said that the malware, also known as TeaBot/Anatsa, is part of a rising trend of mobile banking malware attacking countries, including Spain, Germany, Switzerland, and the ...
- DDoS attack registered on Russian Defense Ministry website
July 16, 2021
The official website of the Russian Defense Ministry is down due to a DDoS attack, a source in the law enforcement informed TASS on Friday. “Specialists from the defense ministry are repelling a DDoS attack on the official website of the Defense Ministry,” the source said. Read more… Source: TASS
- Cyberattack on Moldova’s Court of Accounts destroyed public audits
July 16, 2021
Moldova’s “Court of Accounts” has suffered a cyberattack leading to the agency’s public databases and audits being destroyed. Court of Accounts of Moldova is a government authority that performs audits of public financial resources and government agencies to comply with international standards. Read more… Source: Bleeping Computer
- Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers
July 16, 2021
For the first time, researchers have publicly spotted a Linux encryptor used by the HelloKitty ransomware gang: the outfit behind the February attack on videogame developer CD Projekt Red. On Wednesday, MalwareHunterTeam disclosed its discovery of numerous Linux ELF-64 versions of the HelloKitty ransomware targeting VMware ESXi servers and virtual machines (VMs) running on them. Read more… Source: ...
- Cybercriminals took advantage of WFH to target financial services companies, says Financial Stability Board report
July 14, 2021
Criminals targeted security gaps at financial services firms as their staff moved to working from home, according to a report issued by the Financial Stability Board (FSB) on Tuesday. Established after the G20 London summit in April 2009, the FSB makes recommendations about the global financial system and coordinates financial rules for the G20 group of ...