#blackbasta — Public Fediverse posts

#cyber #cyberSecurity #conti #blackBasta

https://infosec.exchange/@BleepingComputer/115906316667250247
[email protected] - The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol.

https://www.bleepingcomputer.com/news/security/black-basta-boss-makes-it-onto-interpols-red-notice-list/

Fake Ukrainian Police Emails Spread New CountLoader Malware Loader https://hackread.com/fake-ukrainian-police-emails-countloader-malware-loader/ #Cybersecurity #CyberAttacks #PhishingScam #CountLoader #BlackBasta #Ransomware #Security #Phishing #LockBit #Malware #Ukraine #Police #Russia #Fraud #Qilin #Scam

Fake Ukrainian Police Emails Spread New CountLoader Malware Loader https://hackread.com/fake-ukrainian-police-emails-countloader-malware-loader/ #Cybersecurity #CyberAttacks #PhishingScam #CountLoader #BlackBasta #Ransomware #Security #Phishing #LockBit #Malware #Ukraine #Police #Russia #Fraud #Qilin #Scam

Fake Ukrainian Police Emails Spread New CountLoader Malware Loader https://hackread.com/fake-ukrainian-police-emails-countloader-malware-loader/ #Cybersecurity #CyberAttacks #PhishingScam #CountLoader #BlackBasta #Ransomware #Security #Phishing #LockBit #Malware #Ukraine #Police #Russia #Fraud #Qilin #Scam

Fake Ukrainian Police Emails Spread New CountLoader Malware Loader https://hackread.com/fake-ukrainian-police-emails-countloader-malware-loader/ #Cybersecurity #CyberAttacks #PhishingScam #CountLoader #BlackBasta #Ransomware #Security #Phishing #LockBit #Malware #Ukraine #Police #Russia #Fraud #Qilin #Scam

Threat Intelligence Executive Report – Volume 2025, Number 3 – Source: news.sophos.com https://ciso2ciso.com/threat-intelligence-executive-report-volume-2025-number-3-source-news-sophos-com/ #postquantumcryptography #employmentscam #humanresources #ThreatResearch #GOLDREBELLION #nakedsecurity #0CISO2CISO #BlackBasta #NorthKorea #featured #ctu

Operation Endgame 2: 15 Millionen E-Mail-Adressen und 43 Millionen Passwörter | Security https://www.heise.de/news/Operation-Endgame-2-15-Millionen-E-Mail-Adressen-und-43-Millionen-Passwoerter-10396199.html #HaveIBeenPwned #Malware #Ransomware #Hacking #CyberCrime #Bumblebee #Latrodectus #Qakbot #DanaBot #HijackLoader #Warmcookie #Trickbot #Prolock #Doppelpaymer #REvil #Conti #BlackBasta #Cactus #OperationEndgame2

Operation Endgame 2: 15 Millionen E-Mail-Adressen und 43 Millionen Passwörter | Security https://www.heise.de/news/Operation-Endgame-2-15-Millionen-E-Mail-Adressen-und-43-Millionen-Passwoerter-10396199.html #HaveIBeenPwned #Malware #Ransomware #Hacking #CyberCrime #Bumblebee #Latrodectus #Qakbot #DanaBot #HijackLoader #Warmcookie #Trickbot #Prolock #Doppelpaymer #REvil #Conti #BlackBasta #Cactus #OperationEndgame2

Operation Endgame 2: 15 Millionen E-Mail-Adressen und 43 Millionen Passwörter | Security https://www.heise.de/news/Operation-Endgame-2-15-Millionen-E-Mail-Adressen-und-43-Millionen-Passwoerter-10396199.html #HaveIBeenPwned #Malware #Ransomware #Hacking #CyberCrime #Bumblebee #Latrodectus #Qakbot #DanaBot #HijackLoader #Warmcookie #Trickbot #Prolock #Doppelpaymer #REvil #Conti #BlackBasta #Cactus #OperationEndgame2

Operation Endgame 2.0: 20 Haftbefehle, Hunderte Server außer Gefecht gesetzt | Security https://www.heise.de/news/Operation-Endgame-2-0-20-Haftbefehle-Hunderte-Server-ausser-Gefecht-gesetzt-10394215.html #OperationEndgame #OperationEndgame2 #Malware #Ranswomware #Hacking #CyberCrime #Bumblebee #Latrodectus #Qakbot #DanaBot #HijackLoader #Warmcookie #Trickbot #Prolock #Doppelpaymer #REvil #Conti #BlackBasta #Cactus

Operation Endgame 2.0: 20 Haftbefehle, Hunderte Server außer Gefecht gesetzt | Security https://www.heise.de/news/Operation-Endgame-2-0-20-Haftbefehle-Hunderte-Server-ausser-Gefecht-gesetzt-10394215.html #OperationEndgame #OperationEndgame2 #Malware #Ranswomware #Hacking #CyberCrime #Bumblebee #Latrodectus #Qakbot #DanaBot #HijackLoader #Warmcookie #Trickbot #Prolock #Doppelpaymer #REvil #Conti #BlackBasta #Cactus

Operation Endgame 2.0: 20 Haftbefehle, Hunderte Server außer Gefecht gesetzt | Security https://www.heise.de/news/Operation-Endgame-2-0-20-Haftbefehle-Hunderte-Server-ausser-Gefecht-gesetzt-10394215.html #OperationEndgame #OperationEndgame2 #Malware #Ranswomware #Hacking #CyberCrime #Bumblebee #Latrodectus #Qakbot #DanaBot #HijackLoader #Warmcookie #Trickbot #Prolock #Doppelpaymer #REvil #Conti #BlackBasta #Cactus

International Operation Targets Qakbot Hacker, $24M in Crypto Seized https://thecyberexpress.com/doj-indicts-alleged-qakbot-malware/ #RustamRafailevichGallyamov #USJusticeDepartment #ransomwareattacks #CryptoCrackdown #maliciousemails #RansomwareNews #cryptocurrency #FirewallDaily #Qakbotmalware #BlackBasta #CyberNews #Gallyamov #Qakbot #REvil #FBI

Understanding the BRUTED Framework: A New Threat in Ransomware Tactics

https://thedefendopsdiaries.com/understanding-the-bruted-framework-a-new-threat-in-ransomware-tactics/

#brutedframework
#blackbasta
#ransomware
#vpnsecurity
#cyberthreats

Understanding the BRUTED Framework: A New Threat in Ransomware Tactics

https://thedefendopsdiaries.com/understanding-the-bruted-framework-a-new-threat-in-ransomware-tactics/

#brutedframework
#blackbasta
#ransomware
#vpnsecurity
#cyberthreats

Fake IT Support Calls Trick Microsoft Teams Users into Installing Ransomware https://hackread.com/fake-it-support-calls-microsoft-teams-users-install-ransomware/ #MicrosoftTeams #Cybersecurity #CyberAttacks #CyberAttack #QuickAssist #BlackBasta #Ransomware #Security #OneDrive #Malware #CACTUS

Fake IT Support Calls Trick Microsoft Teams Users into Installing Ransomware – Source:hackread.com https://ciso2ciso.com/fake-it-support-calls-trick-microsoft-teams-users-into-installing-ransomware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #MicrosoftTeams #cybersecurity #CyberAttacks #CyberAttack #QuickAssist #BlackBasta #Ransomware #Hackread #OneDrive #security #malware #CACTUS

Happy Monday everyone!

Today's #readoftheday is brought to you by Trend Micro and they share their findings related to #BlackBasta and #CactusRansomware adding a piece of malware known as #BackConnect to their toolbox.

The report states "The BackConnect malware is a tool that cybercriminals use to establish and maintain persistent control over compromised systems. Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute commands on the infected machine. This enables them to steal sensitive data, such as login credentials, financial information, and personal files."

Behaviors (MITRE ATT&CK):
Initial Access - TA0001:
Phishing: Spearphishing Voice - T1566.004 - The attackers conducted an email bombing campaign then contacted the victim posing as "IT Support" or "HelpDesk".

Command and Control - TA0011:
Remote Access Software - T1219 -
The attackers used QuickAssist to access the victim's environment once they were successfully social engineered.

Lateral Movement - TA0008:
Remote Services: SMB/ Windows Admin Shares - T1021.002 -
Remote Services: Windows Remote Management - T1021.006
The attackers leveraged both SMB, shared folders, and WinRM for lateral movement.

Go check out the rest of the technical details! Enjoy and Happy Hunting!

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
https://www.trendmicro.com/en_us/research/25/b/black-basta-cactus-ransomware-backconnect.html?&web_view=true

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

Black Basta Chat Logs Reveal Ransomware Group’s TTPs, IoCs https://thecyberexpress.com/black-basta-ransomware-group-leak/ #blackbastaransomwaregroup #TheCyberExpressNews #ThreatIntelligence #cybersecuritynews #TheCyberExpress #Vulnerabilities #RansomwareNews #FirewallDaily #BlackBasta #Ransomware #CyberNews #TTPs

Ukraine’s largest bank PrivatBank Targeted with SmokeLoader malware – Source:hackread.com https://ciso2ciso.com/ukraines-largest-bank-privatbank-targeted-with-smokeloader-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttacks #BlackBasta #PrivatBank #Hackread #Phishing #security #UAC0006 #Ukraine #Russia #FIN7

Ukraine’s largest bank PrivatBank Targeted with SmokeLoader malware https://hackread.com/ukraine-largest-bank-privatbank-smokeloader-malware/ #Cybersecurity #CyberAttacks #BlackBasta #PrivatBank #Security #Phishing #UAC0006 #Ukraine #Russia #FIN7

Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing” – Source: news.sophos.com https://ciso2ciso.com/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing-source-news-sophos-com/ #rssfeedpostgeneratorecho #remotemachinemanagement #legitimateserviceabuse #MicrosoftOffice365 #SecurityOperations #CyberSecurityNews #ThreatResearch #nakedsecurity #pythonmalware #nakedsecurity #Javamalware #QuickAssist #blackbasta #BlackBasta

"In addition to the new backConnect malware developed by Qbot operators, research has emerged tying zloader[4] activity to that of the BlackBasta ransomware operation. It is highly likely this new side loading backConnect malware has been or is going to be utilized to further ransomware attacks."
⬇️
"Qbot is Back.Connect"
👇
https://medium.com/walmartglobaltech/qbot-is-back-connect-2d774052369f

#CyberVeille #qbot #malware #BlackBasta

Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes – Source:hackread.com https://ciso2ciso.com/black-basta-style-cyberattack-hits-inboxes-with-1165-emails-in-90-minutes-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttacks #CyberAttack #BlackBasta #Ransomware #SlashNext #WordPress #Hackread #Phishing #security

Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes https://hackread.com/black-basta-cyberattack-hits-inboxes-with-1165-emails/ #Cybersecurity #CyberAttacks #CyberAttack #BlackBasta #Ransomware #SlashNext #Wordpress #Security #Phishing

Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware – Source:hackread.com https://ciso2ciso.com/black-basta-ransomware-uses-ms-teams-email-bombing-to-spread-malware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #MicrosoftTeams #cybersecurity #Vulnerability #CyberAttacks #BlackBasta #Ransomware #DarkGate #Hackread #security #malware #Zbot

Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware https://hackread.com/black-basta-gang-ms-teams-email-bombing-malware/ #MicrosoftTeams #Cybersecurity #Vulnerability #CyberAttacks #BlackBasta #Ransomware #Security #DarkGate #Malware #Zbot

Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware – Source: securityboulevard.com https://ciso2ciso.com/defend-your-business-testing-your-security-against-qakbot-and-black-basta-ransomware-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #blackbasta #ransomware #QakBot

Response to CISA Advisory (AA24-131A): #StopRansomware: Black Basta – Source: securityboulevard.com https://ciso2ciso.com/response-to-cisa-advisory-aa24-131a-stopransomware-black-basta-source-securityboulevard-com/ #IndicatorsofCompromise(IOCs) #rssfeedpostgeneratorecho #SecurityBloggersNetwork #criticalinfrastructure #adversaryemulation #Broad-BasedAttacks #CyberSecurityNews #SecurityBoulevard #blackbasta #healthcare #ransomware #CISAAlert #TTPs

📬 Black Basta: Storm-1811 verankert Ransomware via Quick Assist
#Cyberangriffe #Malware #BlackBasta #Microsoft #QuickAssist #Ransomware #Storm1811 #VoicePhishingAngriff https://sc.tarnkappe.info/12fca9

Onapsis and Flashpoint produced a 29 report on the cyber threat landscape for SAP applications over the past 4 years. SAP is the world's largest provider of enterprise application software. The report highlights the material risk of SAP ransomware attacks and the growing maturity of cybercriminal capabilities. Their appendices at the bottom list known SAP vulnerabilities (if they're on CISA's Known Exploited Vulnerabilities (KEV) Catalog), as well as MITRE ATT&CK techniques associated with SAP exploitation, and threat actors (financially motivated and ransomware groups) targeting SAP-using organizations. 🔗 (PDF) https://go.onapsis.com/threat-report/ch4tter

#SAP #vulnerability #cybercrime #threatintel #FIN13 #CobaltSpider #FIN7 #BlackCat #AlphV #BianLian #BlackBasta

New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators https://www.hackread.com/latrodectus-downloader-malware-icedid-qbot/ #Latrodectus #BlackBasta #Ransomware #Security #Malware #IcedID #TA577 #TA588 #QBot

Wenn ich den Beitrag von #ReportMünchen anschaue, stellt sich de Frage, ob #Wissing der richtige ist, wenn es um #Cybersicherheit und #Digitalisierung in #Deutschland geht!
Spoiler: NEIN, ist er nicht!
Die #Faeser nimmt es ebenso nicht ernst und wenn: Maßnahmen zu teuer... 😡

#Hacker #Russland #BlackBasta #Mossad #FDP

https://www.br.de/mediathek/podcast/report-muenchen/cyber-war-die-unsichtbare-schlacht-im-netz/2062808

First #Cl0p; now #BlackBasta. #ENZ. It's not clear whether both extortions are based on the data obtained from the #MOVEit breach.

🔎 IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole

A summary of #VNC #backdoor capabilities reconstructed from network traffic.

👀 Screenshots, videos and clipboard data at https://blog.nviso.eu/2023/03/20/icedids-vnc-backdoors-dark-cat-anubis-keyhole/

#Malware #PCAP #Reversing #DarkCat #Anubis #Keyhole #DarkVNC #IcedID #Karakurt #BlackBasta

BlackBasta revendique des attaques informatiques à l'encontre de:

• 🇺🇸 Michael & Son Services (michaelandson.com)

• 🇺🇸 Potandon Produce LLC (potandon.com)

• 🇺🇸 Sound Publishing, Inc (soundpublishing.com)

• 🇺🇸 Karges-Faulconbridge, Inc (kfi-eng.com)

• 🇺🇸 Ennis, Inc (ennis.com)

• 🇺🇸 Woodhaven Lumber & Millwork (woodhavenlumber.com)

#usa #industries #potatoes #blackbasta #ransomware #production #hvac #design #market #onions #packing #growing #business #repair #sales #facilities #electrical #plumbing #news #heating #press #kitchen #cooling #equipment #infrastructure #careers #doors #moulding #flooring #air #restoration #water #boilers #tubes #remediation #investors #food #distributor #hospital #medical #maintenance #engineering #campus #blueprint #mechanical #electrical #shops #retails #commercial #construction #wastewater #clients #treatments #manufacturers #printing #partnership #media #advertising #journalism #threats #resources #customers #smart #tax #disinfection #building #schools #systems #ethanol #awards #chemical #safety #management #brands #databreach #fuel #barcoding #imaging #software #employees #plants #solutions #informatique

I have been seeing A LOT of verified compromises circulating hacker forums because of #BlackCat, #LockBit, #HiveRansomware, #Mallox, #BlackBasta #RoyalRansomware, #BianLian, #CubaRansomware, #BloodyRansomwareGang, #RansomEXX - I'm talking multiple terabytes of data, hundreds of millions of account details, across pretty much every single sector. Most common method of infection? #BusinessEmailCompromise! Be super mindful of the links you click on, the attachments you download, and the sites you visit

🇺🇸 Les opérateurs Black Basta revendiquent une attaque informatique à l'encontre de :

• 🇺🇸 Maney | Gordon | Zeller, P.A. (maneygordon.com)

• 🇨🇦 A.R. Thomson Group (arthomson.com)

• 🏴󠁧󠁢󠁳󠁣󠁴󠁿 Dingbro, Ltd (dingbro.com)

• 🇬🇧 ATCORE (atcoretec.com)

#usa #uk #scotland #canada #hvac #blackbasta #purification #ransomware #companies #industrial #batteries #products #pumps #packing #joints #steam #systems#services #electrical #customers #market #heat #business #paint #filtration #gas #automation #staff #fuel #instrumentation #fluids #containment #employees #refining #manufacturers #databreach #automotive #solutions #warehouse #engineers #technologies #facilities #power #solutions #threats #hydraulic #trucks #gaskets #innovative #future #petrochemical #cnc #oil #design #valves #sealing #informatique

🇺🇸 Les opérateurs BlackBasta revendiquent une attaque informatique à l'encontre de Panolam Surface Systems (panolam.com) #usa #innovative #ballistic #textiles #ransomware #protection #blackbasta #microbial #doors #pressure #wall #premium #future #resistant #design #panels #technologies #structural #systems #surfaces #commercial #brands #solutions #support #armortex #certification #bulletproof #laminate #business #products #customers #databreach #creative #electrostatic #plastic #furniture #building #interior #healthcare #corporate #facilities #schools #thermal #clients #panolam #residential #brochures #pionite #fiberglass #industries #nevamar #medical #floors #laboratories #informatique

🇨🇦 Les opérateurs Blackbasta revendiquent une attaque informatique à l'encontre de Maple Leaf Foods (mapleleaffoods.com) #canada #food #nutrition #ransomware #business #blackbasta #brands #solutions #companies #corporate #delicious #careers #commitments #databreach #thanksgiving #management #financial #communities #nutritious #sustainable #cyber #investors #shareholders #protein #threats #care #animal #informatique

🇺🇸 Les opérateurs Black Basta revendiquent une attaque informatique à l'encontre de IMA Financial Group, Inc (imacorp.com) #financial #services #firms #insurance #ransomware #management #business #wealth #solutions #usa #insights #blackbasta #databreach #customers #corporate #employees #benefits #assets #tenants #contracts #foundation #careers #data #community #retirement #associates #planning #threats #market #brokers #operations #clients #informatique

BlackBasta ransomware group have been linked to FIN7 (Carbanak) according to Sentinel Labs. Apparently the connection was made through some specific EDR evasion tooling, some common TTPs and IPs used by the groups.

BlackBasta is believed to be a reincarnate of the Conti group.

https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

#ThreatIntelligence #CTI #BlackBasta #Ransomware #SentinelLabs

🇺🇸 Les opérateurs Black Basta revendiquent une attaque informatique à l'encontre de 🇺🇸 Lydecker (lydecker.com) #usa #ransomware #litigaton #laws #justice #services #blackbasta #attorneys #associates #cyber #firms #government #financial #business #databreach #individuals #maritime #energies #solutions #threats #insurance #healthcare #industries #clients #construction #employees #international #payment #businesses #customers #districts #partnership #workers #support #department #lawyers #informatique

• 🇺🇸 Les opérateurs BlackBasta revendiquent une attaque informatique contre Dillon Precision Products, Inc (dillonprecision.com) #usa #blackbasta #ammunition #tactical #ransomware #firearms #equipment #rifles #databreach #cyber #pistols #commercial #accessories #market #online #retails #business #shooting #threats #bullets #services #ammo #shop #products #components #catalog #machines #support #employees #guns #safety #informatique

• 🇺🇸 Les opérateurs BlackBasta revendiquent une attaque informatique contre Wallwork Truck Center (wallworktrucks.com) #usa #blackbasta #ransomware #fertilizer #trucks #tractor #equipment #transport #corporate #databreach #cyber #chassis #logistic #gasoline #communauty #careers #agriculture #business #threats #asphalt #trailer #vans #container #chemical #market #services #employees #informatique