Revival of Black Basta Tactics: Targeting Executives with Automated Phishing

Revival of Black Basta Tactics: Targeting Executives with Automated Phishing

First seen 14 Apr 2026, 17:00 UTC CybernewsCyberscoopreliaquest.comScworldItbrief+5 83% similarity 69.5

Article Content

Browse articles
ThreatCluster

A resurgence of cyber attacks has been linked to former affiliates of the defunct Black Basta ransomware group, focusing on senior executives across various sectors. Recent reports indicate that from March 1 to April 1, 2026, 77% of targeted incidents involved high-level employees, a significant increase from 59% earlier in the year. The attackers employ a two-stage social engineering method, beginning with mass email bombing to overwhelm inboxes, followed by impersonation of IT staff via Microsoft Teams to gain remote access. This campaign has affected over 100 employees in sectors such as manufacturing and professional services, which align with Black Basta's historical targets. Attackers utilize tools like Supremo Remote Desktop and Windows Quick Assist to establish control over compromised systems. The speed of these attacks has also increased, with malicious scripts being executed in as little as 12 minutes after initial contact. The findings suggest a coordinated effort by former affiliates, rather than isolated incidents, indicating a potential evolution of tactics from a previously dismantled group.

Key Points: • 77% of recent attacks targeted senior executives, up from 59% earlier in 2026. • Attackers use email bombing followed by Teams impersonation to gain remote access. • The campaign has affected over 100 employees, primarily in manufacturing and professional services.

ThreatCluster AI

Timeline

2025-02-01
Black Basta's internal chat logs leaked, leading to group's decline.
2026-03-01
Surge in targeted attacks against executives begins.
2026-04-01
77% of observed incidents target senior-level employees.
2026-04-14
ReliaQuest publishes findings on renewed Black Basta tactics.

Community

Browse all →