There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- U.S. Charges Chinese Military Officers in 2017 Equifax Hacking
February 10, 2020
Four members of China’s military were charged on Monday with hacking into Equifax, one of the nation’s largest credit reporting agencies, and stealing trade secrets and the personal data of about 145 million Americans in 2017. The charges underscored China’s quest to obtain Americans’ data and its willingness to flout a 2015 agreement with the United States to refrain from ...
- How Chinese Cybercriminals Use Business Playbook to Revamp Underground
February 10, 2020
Because of its longevity and technical sophistication, the Russian cybercriminal underground has long been the benchmark for threat researchers focused on studying cybercrime tactics and techniques; there is a plethora of publications dedicated to analyzing its economy and hacking forums. However, only a handful of studies have centered on the emerging threats and trends from ...
- KBOT: sometimes they come back
February 10, 2020
Although by force of habit many still refer to any malware as a virus, this once extremely common class of threats is gradually becoming a thing of the past. However, there are some interesting exceptions to this trend: we recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, ...
- Introducing Loda Malware
February 10, 2020
Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name ‘Loda’ is derived from a directory to which the malware author chose to write keylogger logs (Figure 14). It should be noted that some ...
- Happy New Fear! Gift-wrapped spam and phishing
February 7, 2020
In the run-up to Christmas and New Year, scam е-mails mentioning easy pickings, lottery winnings, and other cash surprises are especially popular. All the more so given how simple it is to adapt existing schemes simply by mentioning the holiday in the subject line. For example, one scam е-mail with the subject line “Xsmas gift” or ...
- Bouygues Construction falls victim to ransomware
February 5, 2020
Bouygues Construction has confirmed falling victim to ransomware that it detected across its network on January 30. “As a precautionary measure, information systems have been shut down to prevent any propagation,” the company said in a brief statement. “Our teams are currently fully focused on returning to normal as quickly as possible, with the support of experts. “Installations are ...