BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict


There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.

This lull also spanned the February 2025 leak of Black Basta chat logs, which indicated internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, are now assessed as likely initial access brokers who may have provided historical access for Black Basta and/or FIN7 affiliates.

Source: Rapid7



