The year is 2015 and a threat actor is using the defunct Blackhole exploit kit in active drive-by download campaigns via compromised websites. We noticed Java and PDF exploits collected by our honeypot which we haven’t seen in ages.
Link: Blast from the Past: Blackhole Exploit Kit Resurfaces in Live Attacks