Black Basta attacks via MS Teams chats - #BlackBasta
The Black Basta ransomware group has altered its attack strategy from using spam emails to leveraging Microsoft Teams chat messages to target organizations. The attackers impersonate IT support staff and initiate contact via MS Teams group chat invitations. They deceive users into clicking on QR codes that lead to fraudulent websites, which closely resemble the legitimate sites of the targeted organizations and can only be distinguished by a careful examination of the subdomain. This new tactic was uncovered by security researchers at ReliaQuest.