There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Pro-Ocean: Rocke Group’s New Cryptojacking Malware
January 28, 2021
In 2019, Unit 42 researchers documented cloud-targeted malware used by the Rocke Group to conduct cryptojacking attacks to mine for Monero. Since then, cybersecurity companies have had the malware on their radar, which hampered Rocke Group’s cryptojacking operation. In response, the threat actors updated the malware. Here, we uncover a revised version of the same cloud-targeted ...
- New cybercrime tool can build phishing pages in real-time
January 28, 2021
A cybercrime group has developed a novel phishing toolkit that changes logos and text on a phishing page in real-time to adapt to targeted victims. Named LogoKit, this phishing tool is already deployed in the wild, according to threat intelligence firm RiskIQ, which has been tracking its evolution. The company said it already identified LogoKit installs on ...
- World’s Most Dangerous Malware Emotet Disrupted Through Global Action
January 27, 2021
Law enforcement and judicial authorities worldwide have this week disrupted one of most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action. This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, ...
- US Department of Justice Launches Global Action Against NetWalker Ransomware
January 27, 2021
The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker. NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the ...
- DreamBus botnet targets enterprise apps running on Linux servers
January 25, 2021
Chances are that if you deploy a Linux server online these days and you leave even the tiniest weakness exposed, a cybercrime group will ensnare it as part of its botnet. The latest of these threats is named DreamBus. Analyzed in a report published last week by security firm Zscaler, the company said this new threat is ...
- Hacker leaks data of 2.28 million dating site users
January 24, 2021
A well-known hacker has leaked this week the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher. The dating site’s data has been shared as a free download on a publicly accessible hacking forum known for its trade in hacked ...