Russia-based ransomware group “Black Basta” has adopted a new social engineering tactic, impersonating Microsoft support staff to breach company systems.
According to cybersecurity firm ReliaQuest, the group initiates contact by spamming emails, then follows up with messages on Microsoft Teams, appearing under the .onmicrosoft.com domain. Through Teams, attackers trick users into downloading remote-access software, such as AnyDesk or QuickAssist, giving the group control over company devices.
ReliaQuest warns that Black Basta aims to lock internal company data and demand cryptocurrency ransoms, capitalizing on trust in Microsoft’s platform. To protect against these tactics, cybersecurity experts advise adjusting Microsoft Teams privacy settings to block external contacts and ensuring email systems have robust spam filters.
Black Basta, active since 2022, has reportedly extorted over $107 million from 115 companies worldwide, including prominent healthcare providers. This incident highlights the ongoing risk of tech support scams and the importance of vigilance in corporate cybersecurity.
