Former Black Basta Affiliates Launch Social Engineering Campaign

A social engineering campaign linked to former affiliates of the Black Basta ransomware group has targeted dozens of organizations since May 2025, with activity spiking in the past month. The campaign, documented by cybersecurity firm ReliaQuest, employs tactics reminiscent of Black Basta’s playbook to facilitate fast-scale intrusions. No specific industries, geographic regions, or technical attack vectors were detailed beyond the use of social engineering. The threat actors are believed to be former affiliates of the now-defunct Conti and Black Basta ransomware operations, though no direct attribution to Russia was confirmed. The campaign’s impact includes potential unauthorized access to corporate networks, though no ransomware deployment or data breaches were explicitly reported.