There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- New Zealand stock exchange halted trading after DDoS attacks
August 26, 2020
New Zealand’s stock exchange (NZX) has been impacted by distributed denial-of-service (DDoS) attacks during the last two days, forcing it to shut down trading until the connectivity issues were resolved. NZX operates New Zealand’s capital, risk, and commodity markets, and it supplies market information including real-time stock quotes, market data and news. The stock market announced around ...
- Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites
August 25, 2020
It has now become a mainstream tactic for big ransomware groups to create so-called “leak sites” where they upload and leak sensitive documents from companies who refuse to pay the ransomware decryption fee. These “leak sites” are part of a new trend forming on the cybercriminal underground where ransomware groups are adopting a new tactic called ...
- Brute-force cyberattacks on the rise in Brazil
August 24, 2020
Brazil has seen a spike in brute-force cyberattacks driven by the increase in remote working, according to a new report on security threats in the first six months of 2020. More than 2.6 billion attempts at cyber attacks have been recorded by cybersecurity firm Fortinet from January to June, out of a total of 15 billion ...
- Group of unskilled Iranian hackers behind recent attacks with Dharma ransomware
August 24, 2020
Cyber-security firm Group-IB says it identified a group of low-skilled hackers operating out of Iran that has been launching attacks against companies in Asia and attempting to encrypt their networks with a version of the Dharma ransomware. The attacks have targeted companies located in Russia, Japan, China, and India, according to a report Group-IB researchers published ...
- Lifting the veil on DeathStalker, a mercenary triumvirate
August 24, 2020
State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still aren’t likely to be a part of the risk model at most companies, nor should they be. Businesses today are faced with an array of much ...
- FBI and CISA warn of major wave of vishing attacks targeting teleworkers
August 22, 2020
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory on Thursday, warning about an ongoing wave of vishing attacks targeting the US private sector. Vishing, or voice phishing, is a form of social engineering where criminals call victims to obtain desired information, usually posing as ...