Security Intel Hub
DashboardIntelligenceCVEsAI NewsBlogsThreat Actors
LIVE
HomeThreat ActorsBlack Basta

Black Basta

Also known as: Storm-1811, Cardinal

Overview

Ransomware group believed to include former Conti members. Known for using Microsoft Teams social engineering and Quick Assist for initial access. Targets large enterprises.

MITRE ATT&CK Coverage

Recon
Res Dev
Init Access
Execution
Persistence
Priv Esc
Def Evasion
Cred Access
Discovery
Lat Move
Collection
C2
Exfil
Impact
3 of 14 tactics observed

Raw TTPs

Teams Social EngineeringQuick Assist AbuseRansomwareDouble ExtortionQakbot Distribution

Related Intelligence (2)

HIGHRansomware

Be on the lookout for Mistic, a new backdoor used by ransomware broker

Researchers have identified a new backdoor program that has been used in enterprise intrusions since April and appears to be linked to an initial access broker that sells network footholds to ransomware gangs. Dubbed Mistic by researchers from Symantec , the malware program has been deployed on networks belonging to organizations from multiple sectors, including insurance, education, IT, and profe

Jun 24, 2026CSO Online
HIGHRansomware

New ‘Mistic’ RAT Opens Door to Several Ransomware Families

Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. The post New ‘Mistic’ RAT Opens Door to Several Ransomware Families appeared first on SecurityWeek .

Jun 24, 2026SecurityWeek
Origin

Russia

Activity
First Seen
2022
Last Active
2026-03-20
Target Industries
manufacturingfinancehealthcaretechnologyretail
Linked Reports

2

Security Intel Hub

The institutional standard for cybersecurity intelligence. Trusted by security teams worldwide.

Intelligence

  • Threat Intelligence Feed
  • CVE Database Search
  • Threat Actor Profiles
  • Threat Trends

Industries

  • Healthcare Cybersecurity
  • Financial Sector Security
  • Government Cyber Defense
  • Energy Infrastructure Security
  • Technology Sector Threats

Company

  • About
  • Help & Contact
  • Global Threat Map
© 2026 Security Intel Hub. All rights reserved. Intelligence data sourced from verified public sources.