There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Zero-Day Flash Exploit Targeting Middle East
June 7, 2018
A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday. The Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by Adobe. Read more… Source: ThreatPost
- Targeted Spy Campaign Hits Russian Service Centers
June 7, 2018
A series of espionage attacks have been uncovered, targeted at service centers in Russia that provide maintenance and support for a variety of electronic goods. The payload is a commercial version of the Imminent Monitor tool, which is freely available for purchase as legitimate software. Its developers explicitly prohibit any usage of the tool in a malicious way ...
- VPNFilter Malware Impact Larger Than Previously Thought
June 6, 2018
Researchers say the impact of the VPNFilter malware discovered last month is larger than originally reported. On Wednesday, Cisco Talos researchers said they now believe the malware has infected twice the number of router brands than previously stated. They added that VPNFilter also delivers a more potent punch than they originally thought, and have identified a previously ...
- Prowli Malware Targeting Servers, Routers, and IoT Devices
June 6, 2018
After the discovery of massive VPNFilter malware botnet, security researchers have now uncovered another giant botnet that has already compromised more than 40,000 servers, modems and internet-connected devices belonging to a wide number of organizations across the world. Dubbed Operation Prowli, the campaign has been spreading malware and injecting malicious code to take over servers and websites around ...
- Nocturnal Stealer Lets Low-Skilled Cybercrooks Harvest Sensitive Info
May 31, 2018
The Nocturnal Stealer malware has crept into the Dark Web like a thief in the night, offering criminals a lucrative payday for a small price — and little effort. It’s a commodity malware, debuting on an underground forum in March for the low price of $25. It steals things, including 28 different kinds of cryptocurrency wallets, ...
- Brazilian Banking Trojan Communicates Via Microsoft SQL Server
May 29, 2018
Researchers have discovered a banking trojan making waves in Brazil with an array of tricks up its sleeve, including using an unusual command and control (C&C) server and a full-screen social-engineering overlay form. Researchers at IBM X-Force research on Tuesday revealed that attackers are using the malware – dubbed MnuBot –mainly in Brazil to perform illegal ...