Black Basta ransomware gang linked to the FIN7 hacking group
2022-11-03 10:00

Security researchers at Sentinel Labs have uncovered evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7, also known as "Carbanak."

When analyzing tools used by the ransomware gang in attacks, the researchers found signs that a developer for FIN7 has also authored the EDR evasion tools used exclusively by Black Basta since June 2022.

Further evidence linking the two includes IP addresses and specific TTPs used by FIN7 in early 2022 and seen months later in actual Black Basta attacks.

Black Basta is a ransomware operation launched in April 2022, showing signs of previous experience by immediately announcing multiple high-profile victims and convincing many analysts it was a Conti rebrand, or at least contained members from the now-shutdown operation.

Additional evidence of a connection between FIN7 and Black Basta concerns FIN7's early 2022 experimentation with Cobalt Strike and Meterpreter C2 frameworks in simulated malware-dropping attacks.

While these technical similarities point to FIN7 members being part of the Black Basta operation, it is still unclear whether they are just devs for the group, operators, or affiliates using their own tools during attacks.


News URL

https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-the-fin7-hacking-group/