Black Basta Ransomware Targets Teams: Stay Vigilant!

The Black Basta ransomware operation is ramping up its attacks by using Microsoft Teams to impersonate IT support and breach corporate networks. Since its emergence in April 2022, Black Basta has been responsible for hundreds of attacks worldwide, especially after the Conti syndicate disbanded.

Previously, Black Basta utilized overwhelming spam emails to target employees, prompting them to install remote access tools like AnyDesk or Windows Quick Assist. Now, they are evolving by using Microsoft Teams to pose as corporate help desks, tricking employees into allowing remote access under the guise of providing assistance.

Impersonation: Attackers create accounts that mimic help desk personnel, complete with deceptive display names like “Help Desk.”Malicious Software: Once they gain access, they install payloads such as Cobalt Strike, which provides continued remote access to the corporate device.

ReliaQuest emphasizes the need for organizations to tighten security measures:

Restrict External Communication: Limit Microsoft Teams communication to trusted domains only.Enable Logging: Implement logging for suspicious chat events, such as ChatCreated.The shift to Microsoft Teams highlights a growing trend in cyber threats where attackers adapt to exploit popular communication tools.Organizations must remain vigilant and proactive in safeguarding their networks against evolving ransomware tactics.

For comprehensive cybersecurity solutions, Wire Tor is here to help protect your organization from threats like Black Basta. Let’s work together to ensure your systems remain secure!

👉 Follow us on LinkedIn for the latest updates on cybersecurity threats and solutions!