There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers
October 1, 2018
Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed GhostDNS, the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings ...
- This is how cyber attackers stole £2.26m from Tesco Bank customers
October 1, 2018
The inner workings of a cyber attack against Tesco Bank which saw £2.26m stolen from 9,000 customers — and resulted in the bank being fined over £16.4m for the failings that allowed it to happen — have been revealed. The Financial Conduct Authority (FCA) has hit the bank with a £16.4m fine and said Tesco Bank failed to ...
- DanaBot Banking Trojan Found Targeting European Countries
September 27, 2018
Security researchers recently discovered a banking trojan named DanaBot (detected by Trend Micro as TROJ_BANLOAD.THFOAAH) being distributed to European countries via spam emails. Here’s what you need to know about this threat, how users and businesses can defend against it, and how managed detection and response can help address this threat. What is DanaBot? DanaBot is a banking trojan, written in ...
- Port of San Diego suffers cyber-attack, second port in a week after Barcelona
September 27, 2018
Two major international ports fell victim to cyber-attacks within the span of a week, putting the shipping industry on alert for a possible threat actor targeting the entire sector. The first to fall was the Port of Barcelona, Spain, on September 20, last week. The second attack was reported yesterday, September 25, by the Port of ...
- Cobalt threat group serves up SpicyOmelette in fresh bank attacks
September 27, 2018
Advanced persistent threat group (APT) the Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware in campaigns targeting financial institutions worldwide. In a world where cyberattacks against businesses and consumers alike are spreading and evolving in nature and sophistication, it is often financial institutions which bear the brunt. Banking customers hoodwinked by fraudulent schemes or ...
- VPNFilter’s Arsenal Expands With Newly Discovered Modules
September 26, 2018
Seven new modules discovered in VPNFilter further fill in the blanks about how the malware operates and reveals a wider breath of capabilities. Researchers have discovered new modules in VPNFilter – the malware behind the widespread campaign in May that infected 75 router brands – revealing that its capabilities are much more widespread and sophisticated than previously thought. After ...