There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Australian Cyber Security Centre Annual Cyber Threat Report 2020-21
July 1, 2021
The ACSC Annual Cyber Threat Report 2020–21 has been produced by the Australian Cyber Security Centre, with contributions from the Defence Intelligence Organisation (DIO), Australian Criminal Intelligence Commission (ACIC), Australian Security Intelligence Organisation (ASIO), The Department of Home Affairs and industry partners. The report covers the financial year from 1 July 2020 to 30 June 2021. ...
- Network Attack Trends: February-April 2021
July 1, 2021
Unit 42 researchers observed network attack trends, February-April 2021. In the following sections, we present our analysis of the most recently published vulnerabilities, including the severity and category. Additionally, we provide insight into how the vulnerabilities are actively exploited in the wild based on real-world data collected from Palo Alto Networks Next-Generation Firewalls. We then ...
- PurpleFox Using WPAD to Target Indonesian Users
July 1, 2021
In September 2020, we published a blog describing how the PurpleFox Exploit Kit used Cloudflare services to maintain an infrastructure resilient to blocking and detection attempts. Since then, PurpleFox has been maintaining this strategy while at same time improving its attack chain by incorporating the latest public vulnerabilities into its arsenal. Recently, we found that PurpleFox ...
- Trickbot cybercrime group linked to new Diavol ransomware
July 1, 2021
FortiGuard Labs security researchers have linked a new ransomware strain dubbed Diavol to Wizard Spider, the cybercrime group behind the Trickbot botnet. Diavol and Conti ransomware payloads were deployed on different systems in a ransomware attack blocked by the company’s EDR solution in early June 2021. The two ransomware families’ samples are cut from the same cloth, ...
- EUROPOL: Coordinated Action Cuts Off Access To Vpn Service Used By Ransomware Groups
June 30, 2021
Takedown of DoubleVPN makes it harder for criminal hackers to cover their tracks This week, law enforcement and judicial authorities in Europe, the US and Canada have seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims. This coordinated ...
- Detecting unknown threats: a honeypot how-to
June 30, 2021
Catching threats is tricky business, especially in today’s threat landscape. To tackle this problem, for many years сybersecurity researchers have been using honeypots – a well-known deception technique in the industry. Dan Demeter, Senior Security Researcher with Kaspersky’s Global Research and Analysis Team and head of Kaspersky’s honeypot project, explains what honeypots are, why they ...