There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Ex-CIA man named as suspect in Vault 7 leak
May 15, 2018
A former CIA employee has been named as the prime suspect in last year’s dump of thousands of documents on the agency’s hacking practices. A report from The Washington Post cites court documents that name Joshua Adam Schulte as the person authorities think to be behind the massive Vault7 data dump. Read more… Source: The Register
- Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers
May 15, 2018
An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they’ve uploaded a weaponized PDF file to a public malware scanning engine. The zero-days where spotted by security researchers from Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, which in turn, had them patched within two months. Anton Cherepanov, ...
- Hackers Steal Millions From Mexican Banks Via Fake Transfers
May 14, 2018
The incident may have been orchestrated by organised criminals, says Mexico’s central bank Cyber-thieves have made off with hundreds of millions of pesos from Mexican banks using the country’s domestic electronic transfer system. The attack is similar to earlier ones that have used the international SWIFT network, prompting the Belgium-based organisation to bring in new security measures. Read more… Source: ...
- GandCrab Ransomware Found Hiding on Legitimate Websites
May 10, 2018
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These, when analyzed, were found to be riddled with vulnerabilities stemming from outdated software, highlighting one ...
- 5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws
May 10, 2018
Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, ...
- FBI: Cyber-Fraud Losses Rise to Reach $1.4B
May 8, 2018
About 301,580 consumers reported cyber-fraud and malware attacks to the FBI’s Internet Crime Complaint Center (IC3) last year – with reported losses exceeding a whopping $1.4 billion. The year’s haul of reports brings the overall total of complaints since the IC3 began recording such things to 4 million. Read more… Source: ThreatPost