There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors
October 11, 2018
Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot. Researchers are warning of a new wave of cyberattacks targeting unpatched Drupal websites that are vulnerable to Drupalgeddon 2.0. What’s unique about this latest series of attacks is that adversaries are using PowerBot malware, an IRC-controlled bot also called ...
- Innovative Phishing Tactic Makes Inroads Using Azure Blob
October 10, 2018
A brand-new approach to harvesting credentials hinges on users’ lack of cloud savvy. A fresh tactic for phishing Office 365 users employs credential-harvesting forms hosted on Azure Blob storage – signed with legitimate Microsoft SSL certificates to lend an air of legitimacy. Azure Blob Storage is a cloud storage solution for hosting unstructured data such as images, ...
- Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs
October 9, 2018
Millions of security cameras, DVRs, and NVRs contain vulnerabilities that can allow a remote attacker to take over devices with little effort, security researchers have revealed today. All vulnerable devices have been manufactured by Hangzhou Xiongmai Technology Co., Ltd.(Xiongmai hereinafter), a Chinese company based in the city of Hangzhou. But end users won’t be able to tell that ...
- Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad
October 3, 2018
Attractive to both white-hats and cybercriminals, AI’s role in security has yet to find an equilibrium between the two sides. Artificial intelligence is the new golden ring for cybersecurity developers, thanks to its potential to not just automate functions at scale but also to make contextual decisions based on what it learns over time. This can ...
- Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration
October 2, 2018
An extremely high number of keylogger phishing campaigns have been seen tied to the Zoho online office suite software; in an analysis, a full 40 percent spotted in the last month used a zoho.com or zoho.eu email address to exfiltrate data from victim machines. A Cofense analysis, published Tuesday, of popular keylogging malware – which records ...
- World Cup may have distracted malware hackers
October 2, 2018
This holiday season, together with the 2018 World Cup that took place in Russia, may have lulled hackers, cyber security researchers are claiming. New research from Cofense says that the distribution of TrickBot saw a significant drop during the World Cup. TrickBot is a banking malware known by constantly being updated and transformed. From April, up until ...