Major Swedish-Swiss multinational automation technology firm ABB had its operations reportedly disrupted by a Black Basta ransomware attack against its Windows Active Directory on May 7, BleepingComputer reports.
Hundreds of ABB's devices were noted by employees to have been impacted by the attack, prompting the company to sever VPN connections with its clients in an effort to avert further ransomware infections.
Double-extortion attacks against corporate targets have been the specialty of Black Basta, which has been associated with the FIN7 hacking group, since its emergence in April 2022. Black Basta has also sought to continuously bolster its operations, with a collaboration with the QBot malware operation by June 2022 to facilitate Cobalt Strike deployment, as well as the development of a Linux encryptor for attacks against VMware ESXi virtual machines on Linux.
Recent victims of the ransomware gang include major UK outsourcing firm Capita, the American Dental Association, and Knauf.
Officials at the City of Augusta, Georgia, have been noted by Mayor Garnett Johnson to have not communicated with the BlackByte ransomware operation that took credit for a cyberattack against the city that commenced on May 21, according to The Record, a news site by cybersecurity firm Recorded Future.
Attacks exploiting a zero-day in the MOVEit Transfer file transfer app to compromise various servers and facilitate data exfiltration efforts have been admitted by the Clop ransomware operation, also known as Lace Tempest, TA505, and FIN11, after the intrusions have been attributed to the group by Microsoft, reports BleepingComputer.