Black Basta Ransomware Adopts New Tactics and Techniques
/ 1 min read
🧨 Black Basta ransomware adapts tactics, leveraging social engineering and new payloads. Since early October 2024, the Black Basta ransomware group has shifted its approach, employing social engineering techniques such as email bombing and impersonation on platforms like Microsoft Teams to target users. The attackers encourage victims to install legitimate remote access software, which facilitates the delivery of malicious payloads like Zbot and DarkGate. This evolution marks a transition from a botnet-reliant strategy to a hybrid model that integrates social engineering, as the group seeks to harvest credentials and VPN configurations for further attacks. The group, also known as UNC4393, emerged from the remnants of Conti and has diversified its malware arsenal to enhance its operations.
