There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Russian Hacker Who Allegedly Hacked LinkedIn and Dropbox Extradited to US
March 30, 2018
A Russian man accused of hacking LinkedIn, Dropbox, and Formspring in 2012 and possibly compromising personal details of over 100 million users, has pleaded not guilty in a U.S. federal court after being extradited from the Czech Republic. Yevgeniy Aleksandrovich Nikulin, 30, of Moscow was arrested in Prague on October 5, 2016, by Interpol agents working in collaboration with the ...
- Atlanta, hit by ransomware attack, also fell victim to leaked NSA exploits
March 27, 2018
It’s been almost a week since the City of Atlanta was hit by a ransomware attack, which encrypted city data and led to the shutdown of some services. Mayor Keisha Lance Bottoms said in a press conference Monday that the city’s government is working on recovering the network after ransom notes appeared on computer displays on Thursday afternoon. ...
- Mastermind behind EUR 1 billion cyber bank robbery arrested in Spain
March 26, 2018
The leader of the crime gang behind the Carbanak and Cobalt malware attacks targeting over a 100 financial institutions worldwide has been arrested in Alicante, Spain, after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cyber security companies. Since ...
- A Closer Look at APT Group Sofacy’s Latest Targets
March 23, 2018
Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang. Research shows a continual march toward Far East targets and overlapping of activities with other groups such as Lamberts, Turla and Danti. Baumgartner, a researcher with Kaspersky Lab’s Global Research and Analysis Team, presented his ...
- Website of Russian MoD Hit by DDoS Attacks From Western Europe, North America
March 22, 2018
The Russian Defense Ministry said a total of 7 denial-of-service (DDoS) attacks were carried out against its website on Thursday during the final vote on the names of new types of weaponry. “The site of the Russian Defense Ministry during the final vote for the names of the newest domestic weapons was subjected to a massive DDoS attack,” the ministry stated. The ...
- Old banking Trojan TrickBot has been taught new tricks
March 22, 2018
The TrickBot Trojan has been upgraded with new modules to make detection, and defense, more difficult. First discovered in 2016, TrickBot is a financial Trojan which targets the customers of major banks. The Trojan is most commonly connected to phishing campaigns which trick users into entering their credentials into phishing and fraudulent banking websites, designed to appear as legitimate ...