Key Points
- Black Basta hacking group targets Microsoft Teams users.
- Hackers pretend to be corporate IT staff to launch attacks.
- Employees are tricked into installing ransomware.
- Black Basta evolved from the disbanded Conti syndicate.
- Methods include social engineering and exploiting weaknesses.
Looma News
The Black Basta hacking group is using Microsoft Teams to carry out ransomware attacks against companies around the world. These cybercriminals pretend to be help desk staff, tricking employees into installing harmful software that deploys Black Basta ransomware.
A report by the cybersecurity firm ReliaQuest states that Black Basta has been active since April 2022 and is seen as a successor to the disbanded Conti cybercrime group, which was taken down in June 2022.
Attack Methods
Black Basta breaks into company networks in various ways, including exploiting weaknesses, using malware botnets, and social engineering. Previously, the group sent harmless emails and followed up with phone calls, posing as IT help desk staff offering to assist employees during fake cyber incidents. Employees were then misled into installing remote access tools like AnyDesk or enabling Windows Quick Assist, giving attackers access to the network.
Current Tactics
Now, the attackers have switched to Microsoft Teams for this social engineering. They create external user accounts with misleading names like “Help Desk.” The report mentions that these users manipulate their profiles to look real, often padding the display name with spaces so that it appears centered in chats. Typically, they add targeted users to one-on-one chats to reinforce the idea of internal support.
Once they start chatting, the attackers convince employees to install remote access tools or activate Quick Assist, giving them unauthorized access to corporate systems.
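The traits described above (an external account, a support-style display name, whitespace padding, a one-on-one chat) can be turned into a simple triage check. The following is an added example, not code from the report or from Microsoft; the event field names, tenant IDs and the keyword list beyond "Help Desk" are assumptions, and the sample events are constructed.

```python
import re
import unicodedata

HOME_TENANT = "11111111-aaaa-4bbb-8ccc-000000000000"  # constructed placeholder tenant ID
# Assumed watch list; "Help Desk" is the only name the article itself gives.
SUPPORT_TERMS = ("helpdesk", "itsupport", "servicedesk")
PADDING = re.compile(r"^\s|\s$|\s{2,}")  # leading, trailing or repeated whitespace


def normalize(name):
    """Case-fold and keep only letters/digits, so spacing tricks cannot hide a term."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def assess(event):
    """Return the reasons a chat event looks like help desk impersonation."""
    if event["sender_tenant_id"] == HOME_TENANT:
        return []  # internal sender: outside the scope of this check
    name = event["sender_display_name"]
    reasons = []
    if any(term in normalize(name) for term in SUPPORT_TERMS):
        reasons.append("external sender with support-style display name")
    # Invisible format characters (category Cf) are treated as padding too.
    if PADDING.search(name) or any(unicodedata.category(c) == "Cf" for c in name):
        reasons.append("display name padded with whitespace")
    if reasons and event["chat_type"] == "oneOnOne":
        reasons.append("one-on-one chat with external account")
    return reasons


# Constructed sample events; the field names are hypothetical, not a Teams schema.
EXTERNAL = "22222222-dddd-4eee-8fff-000000000000"
SAMPLE_EVENTS = [
    {"sender_display_name": "      Help Desk      ", "sender_tenant_id": EXTERNAL, "chat_type": "oneOnOne"},
    {"sender_display_name": "Help Desk", "sender_tenant_id": HOME_TENANT, "chat_type": "oneOnOne"},
    {"sender_display_name": "Dana Ruiz (Vendor)", "sender_tenant_id": EXTERNAL, "chat_type": "group"},
    {"sender_display_name": "IT\u00a0Support", "sender_tenant_id": EXTERNAL, "chat_type": "oneOnOne"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(repr(ev["sender_display_name"]), "->", assess(ev) or "no findings")
```

Map the three fields to whatever your chat audit export actually provides before running this over real data.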