HIGHRansomware
Verified
Global
Black Basta Ransomware Pivots to Microsoft Teams Social Engineering
·Source: Microsoft Threat Intelligence
Updated:
Executive Summary
Black Basta affiliates using Microsoft Teams messages and Quick Assist for initial access, bypassing email security controls entirely.
Analysis
Black Basta affiliates are impersonating IT help desk staff via Microsoft Teams, contacting employees about fake security issues and requesting Quick Assist remote sessions. Once connected, they deploy Cobalt Strike and ransomware payloads. Technique bypasses email-based security controls completely. Over 50 organizations targeted in March.
Timeline
Discovered
Mar 10, 2026
Exploitation Detected
Mar 10, 2026
Published
Mar 18, 2026