The notorious Black Basta ransomware group is targeting organizations around the world. The gang was previously known for first bombarding its victims with spam emails. The hackers then pretended to be IT support to gain access to systems. This method has now apparently been further developed.
Security researchers at ReliaQuest recently discovered that Black Basta is now using Microsoft Teams chat messages to engage potential victims in conversations. In this method, too, the attackers disguise themselves as help desk employees. According to the research report, contact is sometimes made via invitations to MS Teams group chats.
In the chats, the criminals then trick users into clicking on QR codes that lead to a fraudulent website. The fraudulent sites are tailored to the target organization and can often only be distinguished from genuine company sites by carefully checking the subdomain.