Black Basta attacks through MS Teams chats

The infamous Black Basta ransomware group has targeted organizations around the world. The gang was previously known to open its attacks by bombarding victims with spam emails, after which the attackers posed as IT support staff to gain access to systems. This method has now apparently been refined.

Security researchers at ReliaQuest recently discovered that Black Basta is now using Microsoft Teams chat messages to engage potential victims in conversation. Here, too, the attackers pose as help desk workers. According to the research report, contact is sometimes made via MS Teams group chat invitations.

In the chats, the attackers then trick users into clicking QR codes that lead to a fake website. The fake sites are tailored to the target organization and can often be distinguished from genuine company sites only by carefully examining each subdomain.
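
The subdomain comparison described above can be automated for URLs taken from chat messages or decoded from QR codes. The following is an added example, not code from ReliaQuest or the original article; the trusted domains, the brand token and the sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumptions (constructed placeholders): the organization's real domains
# and the brand string an impersonating host would be expected to reuse.
TRUSTED_DOMAINS = {"example.com", "example.net"}
BRAND_TOKENS = {"example"}


def classify_url(url: str) -> str:
    """Return 'trusted', 'lookalike', 'unrelated' or 'invalid' for a URL."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    host = host.rstrip(".").lower()

    # Trusted only when the host IS a trusted domain or sits directly under
    # one. Matching on the right-hand side rejects hosts that merely start
    # with the company name, such as example.com.login-portal.test.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"

    # Brand string anywhere in the authority (userinfo included) of an
    # untrusted URL is the pattern a reader has to spot label by label.
    authority = parts.netloc.lower()
    if any(token in authority for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


def triage(urls):
    """Return (url, verdict) pairs for every URL that is not trusted."""
    verdicts = ((u, classify_url(u)) for u in urls)
    return [(u, v) for u, v in verdicts if v != "trusted"]


if __name__ == "__main__":
    # Constructed sample URLs, as they might be decoded from QR codes.
    samples = [
        "https://helpdesk.example.com/reset",
        "https://example.com.login-portal.test/reset",
        "https://example.com@portal.test/",
    ]
    for url, verdict in triage(samples):
        print(f"{verdict:10} {url}")
```

A "lookalike" verdict is a prompt for review rather than proof of malice, and hosts that avoid the brand string entirely are reported as "unrelated", so the allowlist match is the part to rely on.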

