Ex-Black Basta Members Employ Microsoft Teams and Python Scripts in 2025 Cyber Attacks
June 11, 2025
Ransomware / Cybersecurity
Former affiliates of the Black Basta ransomware group are reportedly sticking to familiar tactics, utilizing email bombing and Microsoft Teams phishing to gain sustained access to targeted networks. Recent reports from ReliaQuest, shared with The Hacker News, reveal that attackers have begun incorporating Python script execution along with these methods, using cURL requests to retrieve and deploy malicious payloads. This evolution indicates that threat actors are adapting and reorganizing despite challenges faced by the Black Basta identity following the public leak of its internal communications earlier this February. The cybersecurity firm found that 50% of Teams phishing incidents recorded between February and May 2025 originated from onmicrosoft[.]com domains, with breached domains contributing to 42% of all attacks during that timeframe. This approach proves particularly stealthy, enabling attackers to masquerade as legitimate traffic.
Ransomware / Cybersecurity
Former Black Basta Operatives Leverage Microsoft Teams and Python in 2025 Cyber Attacks June 11, 2025 A resurgence of cybercrime tactics has emerged from erstwhile operations linked to the Black Basta ransomware group, with recent attacks revealing a continued reliance on traditional methods like email bombing and phishing through Microsoft…
Ex-Black Basta Members Employ Microsoft Teams and Python Scripts in 2025 Cyber Attacks
June 11, 2025
Ransomware / Cybersecurity
Former affiliates of the Black Basta ransomware group are reportedly sticking to familiar tactics, utilizing email bombing and Microsoft Teams phishing to gain sustained access to targeted networks. Recent reports from ReliaQuest, shared with The Hacker News, reveal that attackers have begun incorporating Python script execution along with these methods, using cURL requests to retrieve and deploy malicious payloads. This evolution indicates that threat actors are adapting and reorganizing despite challenges faced by the Black Basta identity following the public leak of its internal communications earlier this February. The cybersecurity firm found that 50% of Teams phishing incidents recorded between February and May 2025 originated from onmicrosoft[.]com domains, with breached domains contributing to 42% of all attacks during that timeframe. This approach proves particularly stealthy, enabling attackers to masquerade as legitimate traffic.