SentinelLabs has released a new advisory that links the Black Basta ransomware to hacking operations conducted by the FIN7 threat actors. The Black Basta threat actors have allegedly used a custom defense impairment tool that had previously been found only in incidents by FIN7. SentinelLabs reported several instances of the Black Basta ransomware using this tool, thereby establishing a link between the groups. The security researchers at SentinelLabs stated that analysis of the tool led to additional samples containing a backdoor leveraged in multiple FIN7 operations.
SentinelLabs stated that the packer source code used in the FIN7 operations was also deployed in Black Basta operations. Other ties have also been established between the two groups, including the use of point-of-sale (POS) malware to conduct financial fraud. SentinelLabs stated that the threat actor or an affiliate group began to write tools from scratch, disassociating new operations from older ones.