Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks.
« Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads, » ReliaQuest said in a report
