There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- International law enforcement operation exposes the world’s most harmful cyber crime group
December 5, 2019
A Russian national who runs Evil Corp has been indicted in the United States following unprecedented collaboration between the NCA, the FBI and the National Cyber Security Centre. A Russian national who runs Evil Corp – the world’s most harmful cyber crime group that created and deployed malware causing financial losses totalling hundreds of millions of ...
- Ransomware attack hits major US data center provider
December 5, 2019
CyrusOne, one of the biggest data center providers in the US, has suffered a ransomware attack, ZDNet has learned. In an email after this article’s publication, a CyrusOne spokesperson confirmed the incident and said they are currently working with law enforcement and forensics firms to investigate the attack, and help customers restore systems impacted systems. “Six of ...
- New ransomware attacks target your NAS devices, backup storage
December 5, 2019
The number of ransomware strains targeting NAS and backup storage devices is growing, with users “unprepared” for the threat, researchers say. Ransomware comes in many forms and guises. The malware variant is popular with cybercriminals and is used in attacks against the enterprise, critical services — including hospitals and utilities — and individuals. Once deployed on a system, the malware ...
- ‘Ultimate’ MiTM Attack Steals $1M from Israeli Startup
December 5, 2019
Hackers pulled off an elaborate man-in-the-middle campaign to rip off an Israeli startup by intercepting a wire transfer from a Chinese venture-capital firm intended for the new business. New research by Check Point Software details how the security vendor uncovered the wire-transfer heist, in which an attacker used unique tactics—including communicating through email and even canceling a critical ...
- APT review: what the world’s threat actors got up to in 2019
December 4, 2019
What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it´s impossible to fully understand the motivation for some attacks or the developments behind them. However, let´s try to approach ...
- Buer, a new loader emerges in the underground marketplace
December 4, 2019
For several years, Proofpoint researchers have been tracking the use of first-stage downloaders, which are used by threat actors to install other forms of malware during and after their malicious email campaigns. In particular, over the last two years, these downloaders have become increasingly robust, providing advanced profiling and targeting capabilities. More importantly, downloaders and other ...