Date: 2024-10-28

Ransomware

Microsoft Teams exploited in latest Black Basta attacks

Microsoft Teams users duped into passing on MFA codes

BleepingComputer reports that affiliates of the Black Basta ransomware gang have leveraged Microsoft Teams as part of their social engineering attacks beginning this month.

Intrusions began with the delivery of malicious emails, after which the attackers contacted targets in Microsoft Teams under the guise of corporate IT help desk staff offering to help with the email spam issue, an analysis from ReliaQuest researchers revealed. The attackers, whose display names contained the "Help Desk" string surrounded by whitespace characters, then lured targets into downloading AnyDesk or opening Quick Assist to facilitate the deployment of the "AntispamAccount.exe," "AntispamUpdate.exe," and "AntispamConnectUS.exe" payloads, the last of which was previously identified as SystemBC, malware that Black Basta has leveraged before. Cobalt Strike was then installed on the targeted machine to enable additional network compromise, said the report, which urged organizations to restrict Microsoft Teams communications to mitigate the risk of compromise. The findings come months after ReliaQuest and Rapid7 reported that Black Basta had conducted a social engineering campaign that instead involved impersonating help desk staff in phone calls.
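The two indicators named in the report, whitespace-padded "Help Desk" display names from outside senders and the three payload file names, can be checked with a short triage script. The following is an added example, not code from ReliaQuest or from the article; the event field names (`sender_display_name`, `sender_is_external`, `image`) and the sample events are constructed assumptions, not a real log schema.

```python
import unicodedata

# File names reported in the article; matched case-insensitively on the basename.
PAYLOAD_NAMES = {"antispamaccount.exe", "antispamupdate.exe", "antispamconnectus.exe"}

def normalize_name(name):
    """Drop invisible format characters, turn any whitespace into one space, casefold."""
    out = []
    for ch in unicodedata.normalize("NFKC", name):
        if unicodedata.category(ch) == "Cf":  # zero-width space, BOM, ...
            continue
        out.append(" " if ch.isspace() else ch)
    return " ".join("".join(out).split()).casefold()

def has_padding(name):
    """True when the raw name has leading/trailing whitespace or invisible characters."""
    return name != name.strip() or any(unicodedata.category(c) == "Cf" for c in name)

def check_chat(event):
    """Return a list of findings for one chat event (hypothetical schema)."""
    name = event["sender_display_name"]
    if not event["sender_is_external"] or "help desk" not in normalize_name(name):
        return []
    findings = ["external sender using a 'Help Desk' display name"]
    if has_padding(name):
        findings.append("display name padded with whitespace or invisible characters")
    return findings

def check_process(event):
    """Flag process-creation events whose image basename is a reported payload name."""
    base = event["image"].replace("\\", "/").rsplit("/", 1)[-1].casefold()
    return [f"reported payload file name: {base}"] if base in PAYLOAD_NAMES else []

# Constructed sample events; field names are assumptions, not a real log schema.
SAMPLE_CHATS = [
    {"sender_display_name": "  Help Desk \u00a0", "sender_is_external": True},
    {"sender_display_name": "Help Desk", "sender_is_external": False},
    {"sender_display_name": "Dana from Accounts", "sender_is_external": True},
]
SAMPLE_PROCS = [
    {"image": r"C:\Users\demo\Downloads\AntispamUpdate.exe"},
    {"image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_CHATS:
        print(repr(ev["sender_display_name"]), check_chat(ev))
    for ev in SAMPLE_PROCS:
        print(ev["image"], check_process(ev))
```

File-name matches are weak on their own because names are trivial to change; they are most useful when correlated with an external "Help Desk" chat and a remote-access session on the same host.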
