There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
September 5, 2018
A Monero cryptomining script is spreading in an ongoing campaign using the recently disclosed critical remote command-execution flaw. It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution ...
- New Silence hacking group suspected of having ties to cyber-security industry
September 5, 2018
At least one member of a newly uncovered cybercrime hacking group appears to be a former or current employee of a cyber-security company, according to a new report released today. The report, published by Moscow-based cyber-security firm Group-IB, breaks down the activity of a previously unreported cyber-criminal group named Silence. According to Group-IB, the group has spent the ...
- ‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass
September 4, 2018
CamuBot is a unique malware targeting Brazilian bank customers that attempts to bypass biometric account protections. Brazilian bank customers are being warned of malware dubbed CamuBot that hides in plain sight and presents itself as a required end-user security module provided by a bank. The malware goes so far as to include bank logos that look and ...
- Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic
September 3, 2018
Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks. Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy maliciously, allowing attackers to ...
- Cyber threat against Danish banks ‘very high’: agency
September 1, 2018
The cyber threat against Denmark’s financial sector is considered to be very high, according to a report by the Centre for Cyber Security (Center for Cybersikkerhed). The centre, which is a department of military security agency FET (Forsvarets Efterretningstjeneste), assesses cyber threats against Denmark and Danish businesses. “The threat posed to the Danish financial sector by cyber ...
- Cobalt Group Targets Banks in Eastern Europe with Double-Threat Tactic
August 30, 2018
The campaign uses double infection points and two command-and-control servers. The infamous financial cybercrime gang known as Cobalt Group has been spotted actively pushing a fresh campaign that uses a peculiar tactic: Double infection points and two command-and-control (C2) servers. The Cobalt Group, a known financial cybercrime ring since 2016, has been suspected in attacks in dozens ...