Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Threat actors deploying Black Basta and CACTUS ransomware are using the same BackConnect module for persistent control over infected hosts, suggesting a possible transition of former Black Basta affiliates to CACTUS. This convergence of tactics, including email bombing and data exfiltration, is significant given recent Black Basta chat log leaks revealing shared credentials and other initial access points.