The Black Basta ransomware group, an offshoot of the now-defunct Conti group, has adapted its attack strategies by integrating sophisticated social engineering techniques. Recent trends include email bombing, malicious QR codes, and credential theft, showcasing the group’s commitment to exploiting vulnerabilities in organizational defenses.
The group begins its operations with email bombing—flooding a target’s inbox with subscription-based messages from various mailing lists. This overload often leads victims to seek assistance, creating an opportunity for attackers to impersonate IT staff or support teams. Since August 2024, impersonation tactics have extended to platforms like Microsoft Teams, where attackers persuade victims to install legitimate remote access tools such as AnyDesk, TeamViewer, or Microsoft’s Quick Assist. Microsoft has identified the misuse of Quick Assist by threat actors labeled “Storm-1811.”
Malicious QR codes are another tool in the group’s arsenal. Victims are sent codes in chat messages that purport to link a trusted mobile device; scanning them redirects the user to attacker-controlled websites built to harvest credentials. Cybersecurity experts have also noted that attackers sometimes use OpenSSH clients to open reverse shells, giving them deeper access to the compromised system.
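The email-bombing stage described above is the most visible precursor of this chain, so a mail-gateway alert is a practical early detection point. The following Python sketch is an added defender-side example, not code from the article or from CySecurity News; the log format, recipient names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample mail-gateway log (not real data), one delivery per line:
# "<ISO timestamp> <recipient> <sender>"
SAMPLE_LOG = """\
2024-08-12T09:00:05 alice@corp.example news@shop-a.example
2024-08-12T09:00:41 alice@corp.example digest@forum-b.example
2024-08-12T09:01:12 bob@corp.example   hr@corp.example
2024-08-12T09:01:30 alice@corp.example promo@retail-c.example
2024-08-12T09:02:03 alice@corp.example noreply@blog-d.example
2024-08-12T09:02:47 alice@corp.example welcome@club-e.example
2024-08-12T09:03:15 alice@corp.example list@society-f.example
2024-08-12T09:04:30 alice@corp.example updates@vendor-g.example
2024-08-12T09:20:00 bob@corp.example   news@shop-a.example
"""


def parse_line(line):
    """Return (timestamp, recipient, sender_domain) for one log line."""
    ts, rcpt, sender = line.split()
    return datetime.fromisoformat(ts), rcpt.lower(), sender.rsplit("@", 1)[-1].lower()


def detect_email_bombing(log_text, window=timedelta(minutes=10),
                         min_msgs=6, min_domains=5):
    """Flag recipients who receive a burst of mail from many unrelated sender
    domains inside one sliding time window (thresholds are assumed values).
    Returns {recipient: peak message count seen in any single window}."""
    per_rcpt = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, rcpt, domain = parse_line(line)
            per_rcpt[rcpt].append((ts, domain))

    flagged = {}
    for rcpt, events in per_rcpt.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until every event fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            domains = {d for _, d in in_window}
            if len(in_window) >= min_msgs and len(domains) >= min_domains:
                flagged[rcpt] = max(flagged.get(rcpt, 0), len(in_window))
    return flagged


if __name__ == "__main__":
    for rcpt, count in detect_email_bombing(SAMPLE_LOG).items():
        print(f"possible email bombing: {rcpt} received {count} messages "
              f"from distinct domains within 10 minutes")
```

Routing such an alert to the help desk lets staff treat any unsolicited "IT support" contact the flagged user receives afterwards, over Teams or otherwise, as suspect until verified through a known channel.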
Malware Delivery and Payload Objectives
[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents