Article Details

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

Source: The Hacker News
Published: 2025-06-11 17:44
Fetched: 2025-06-11 18:55
Read Original Article

Summary

Former members of the Black Basta ransomware group are employing familiar tactics such as email bombing and Microsoft Teams phishing to infiltrate networks. A recent report from ReliaQuest highlights the addition of Python script execution to their arsenal. The use of cURL requests to deploy malicious payloads signifies a sophisticated evolution in their attack strategy. These techniques enable attackers to maintain persistent access to compromised systems, posing significant security risks. Organizations must enhance their defenses against these multi-vector attacks by implementing robust email filtering, securing communication platforms, and monitoring for suspicious script activities.

LinkedIn Post

Ex-Black Basta members are using email bombing, Teams phishing, and Python scripts for 2025 attacks. Their evolving tactics highlight the need for robust defenses. Stay alert! #Cybersecurity #Ransomware #TechTrends

Content

Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. "Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads," ReliaQuest said in a report