New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering

A new backdoor, dubbed A0Backdoor, has been discovered in connection with a campaign using email bombing and IT-support impersonation over Microsoft Teams to gain Quick Assist access. The malware's loader exhibits anti-sandbox evasion techniques, and the campaign's command-and-control has shifted to a covert DNS mail exchange-based channel. This activity is attributed to the threat group Blitz Brigantine, also known as Storm-1811 or STAC5777, and shows similarities to Black Basta-linked social-engineering tactics. The attackers use digitally signed MSI packages, often hosted on Microsoft cloud storage, to deliver their proprietary tooling. The A0Backdoor employs sophisticated techniques such as time-based execution windows, runtime decryption, and DNS tunneling for covert communication. The campaign has been active since August 2025, targeting primarily the finance and health sectors.
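The pulse mentions a covert DNS MX-based command-and-control channel. As an added detection example (not code from the pulse or its source report), the Python below scores per-client MX query patterns in constructed DNS resolver log lines: workstations rarely issue MX lookups at all, and a client sending many MX queries for many distinct, high-entropy subdomains under one parent domain is worth an analyst's attention. The log format, client addresses and domain names are assumptions for the example.

```python
"""Flag clients whose DNS MX query pattern resembles a tunnelling channel."""
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<client> <qtype> <qname>". Not real indicators.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 MX mail.example.com
10.0.0.7 MX a9f3k2.q.example-c2.test
10.0.0.7 MX b71zzp.q.example-c2.test
10.0.0.7 MX c0m1x8.q.example-c2.test
10.0.0.7 MX d4r7vv.q.example-c2.test
10.0.0.7 MX e2z9lq.q.example-c2.test
10.0.0.7 MX f8h3pm.q.example-c2.test
10.0.0.9 MX outlook.com
"""


def shannon_entropy(s):
    """Bits per character; encoded payload labels score higher than words."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def parse_log(text):
    """Yield (client, qtype, qname) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1].upper(), parts[2].lower().rstrip(".")


def flag_mx_tunnelling(text, min_queries=5, min_unique_ratio=0.8, min_entropy=2.0):
    """Return {client: parent_domain} for clients whose MX queries look tunnelled."""
    mx_names = defaultdict(list)
    for client, qtype, qname in parse_log(text):
        if qtype == "MX":
            mx_names[client].append(qname)
    alerts = {}
    for client, names in mx_names.items():
        # Group by an approximate registered domain (last two labels).
        by_parent = defaultdict(list)
        for name in names:
            by_parent[".".join(name.split(".")[-2:])].append(name)
        for parent, group in by_parent.items():
            if len(group) < min_queries:
                continue
            unique_ratio = len(set(group)) / len(group)
            # Entropy of the leftmost label, where tunnelled data usually sits.
            mean_entropy = sum(shannon_entropy(n.split(".")[0]) for n in group) / len(group)
            if unique_ratio >= min_unique_ratio and mean_entropy >= min_entropy:
                alerts[client] = parent
    return alerts
```

Thresholds are starting points; tune them against a baseline of the environment's legitimate MX lookups (mail servers and relays will need an allow-list).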

Pulse ID: 69abf37e75ba997149f9e95c
Pulse Link: https://otx.alienvault.com/pulse/69abf37e75ba997149f9e95c
Pulse Author: AlienVault
Created: 2026-03-07 09:44:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #BlackBasta #Cloud #CyberSecurity #DNS #Email #ICS #InfoSec #Malware #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #SocialEngineering #Windows #bot #AlienVault

⚠️ Black Basta resurfaces with refined ransomware tactics

Black Basta ransomware has re-emerged with updated tooling, tighter victim targeting, and improved lateral movement techniques, signaling an operational revival after months of reduced activity. #ransomNews #BlackBasta #ransomware
International manhunt for the head of Black Basta

Several European law enforcement agencies are cooperating to arrest the head of the ransomware gang "Black Basta".

German police have identified the alleged ringleader of Black Basta ransomware, placing him on the EU most-wanted list with an INTERPOL Red Notice.

Black Basta is linked to ~700 global attacks since 2022.

https://www.technadu.com/german-authorities-identify-black-basta-ringleader-now-added-to-eu-most-wanted-and-interpol-red-notice-lists/618533/

Does naming leadership actually disrupt RaaS operations long-term?

#InfoSec #Ransomware #BlackBasta #CyberCrime

Black Basta boss makes it onto Interpol's 'Red Notice' list

The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol.

BleepingComputer

#cyber #cyberSecurity #conti #blackBasta

https://infosec.exchange/@BleepingComputer/115906316667250247

https://www.bleepingcomputer.com/news/security/black-basta-boss-makes-it-onto-interpols-red-notice-list/

Tramp/Black Basta investigation: the source who knew too much | LeMagIT

According to Le Monde and Die Zeit, a mysterious "Group 78" allegedly organised leaks of information about the Black Basta ransomware group, aimed in particular at destabilising them. Was I among their recipients?

LeMagIT
📢 ICO fines Capita £14M after the BlackBasta attack: 6+ million records compromised
📝 According to the BushidoToken blog (reference provided), the ICO sanctioned Capita with a £14M fine following a BlackBasta attack...
📖 cyberveille: https://cyberveille.ch/posts/2025-10-19-ico-inflige-14-mps-a-capita-apres-lattaque-blackbasta-6-m-de-dossiers-compromis/
🌐 source: https://blog.bushidotoken.net/2025/10/lessons-from-blackbasta-ransomware.html
#BlackBasta #Capita #Cyberveille
ICO fines Capita £14M after the BlackBasta attack: 6+ million records compromised

According to the BushidoToken blog (reference provided), the ICO sanctioned Capita with a £14M fine following a BlackBasta attack in March 2023 that compromised more than 6 million records, with remediation costs of up to £20M. The analysis highlights systemic failings (alerts missed for 58 hours, an under-resourced SOC, insufficient AD segmentation, penetration-test recommendations not implemented) and draws concrete lessons for security teams.

CyberVeille

News from the fight against #CyberCrime by the #FBI: "Revelations about the « Group 78 », a secret American unit tasked with fighting cybercriminals" #Group78 #CyberSécurité #BlackBasta ...

https://www.lemonde.fr/pixels/article/2025/10/16/revelations-sur-le-group-78-une-unite-secrete-americaine-chargee-de-la-lutte-contre-les-cybercriminels_6647096_4408996.html

Revelations about the « Group 78 », a secret American unit tasked with fighting cybercriminals

In November 2024, the FBI's presentation of this task force to European police officers and magistrates shocked some investigators. They fear in particular for the integrity of their investigations.

Le Monde