Summary: Recent analysis indicates that affiliates of the Black Basta ransomware group have shifted to the CACTUS ransomware, deploying a shared BackConnect module to keep access to infected systems. This convergence of techniques, including social engineering such as email bombing and the use of Quick Assist, highlights the evolving nature of ransomware attacks. Additionally, the discovery of valid credentials among the attackers points to a sophisticated operation leveraging previously stolen information.
Affected: Ransomware victims and organizations at risk from Black Basta and CACTUS attacks
Keypoints:
- Black Basta and CACTUS ransomware groups share the BackConnect module for persistent control over infected hosts.
- Attackers use email bombing and impersonation to trick victims into installing malicious software.
- The shift in tactics indicates increased collaboration between different ransomware groups, suggesting a broader threat landscape.
Source: https://thehackernews.com/2025/03/researchers-link-cactus-ransomware.html