Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Briefly

Former members of the Black Basta ransomware operation are still employing traditional techniques such as email bombing and Microsoft Teams phishing, now enhanced by Python script execution. Despite setbacks following the leak of their internal chats, these attackers have proven resilient and have adapted. Most recent Teams phishing attacks have been traced to breached domains, which lets the attackers impersonate legitimate traffic and stay stealthy. Cybersecurity reports indicate that former affiliates may have shifted to the CACTUS RaaS group, which points to a continuing threat as this landscape evolves.
Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads.
The shutdown of Black Basta's data-leak site, despite the continued use of its tactics, indicates that former affiliates have likely either migrated to another RaaS group or formed a new one.
Read at The Hacker News