Summary: NVISO Labs has identified a sophisticated phishing campaign linked to the Black Basta ransomware group, utilizing Microsoft Teams for social engineering attacks. The campaign employs an email bombing strategy to distract victims before attackers impersonate IT personnel to gain remote access. Once inside, they disable security measures, exfiltrate data, and deploy malware, highlighting the need for proactive detection measures.
Threat Actor: Black Basta | Black Basta
Victim: Organizations | Organizations
Keypoints :
- Attackers initiate the campaign with an email bombing strategy, flooding victims’ inboxes with benign spam.
- They impersonate Help Desk or IT Support personnel via Microsoft Teams to gain trust and access.
- Detection points include monitoring for spikes in incoming emails, suspicious display names, RMM tool usage, and chat creation timelines.
Source: https://securityonline.info/black-basta-exploits-microsoft-teams-for-phishing-attacks/