Black Basta’s Evolving Tactics and the Rising Role of LLMs in Cyber Attack

On the latest episode of the Microsoft Threat Intelligence podcast, host Sherrod DeGrippo and her expert guests delved into the cutting-edge techniques employed by cybercriminal groups, with a particular focus on Black Basta, one of the most notorious extortion gangs, and the growing use of large language models (LLMs) by threat actors. Security researchers Daria Pop and Anna Seitz provided invaluable insights into the latest developments shaping the cybersecurity landscape.

Daria Pop revealed that Black Basta continues to rank among the most active and dangerous extortion groups in recent years. The group has significantly refined its tactics, moving beyond traditional phishing attacks to deploy advanced social engineering schemes. Among their new techniques is the use of remote management tools like TeamsPhisher, which allows them to spread malware through platforms such as Microsoft Teams. This innovative approach has allowed Black Basta to infiltrate corporate networks with alarming ease, highlighting the group’s adaptability.

Pop emphasized that while the methods used by Black Basta may be familiar to cybersecurity professionals, they remain highly effective. The group’s ability to evolve its tactics reinforces the need for continuous monitoring and adaptation by security teams.

DeGrippo and Pop also discussed the broader implications of recent operations targeting cybercriminal infrastructures, specifically the takedown of Qakbot, a malware strain closely associated with Black Basta. The Qakbot disruption temporarily altered Black Basta’s strategy, forcing the group to recalibrate its approach.

The rise of LLMs is not just transforming legitimate industries; it is also being exploited by cybercriminals. Anna Seitz explained how state-sponsored actors such as Forest Blizzard and Emerald Sleet are leveraging LLMs to refine their social engineering lures, improve their code, and research vulnerabilities. While LLM-assisted attacks have not yet gone beyond known attack patterns, their potential to significantly amplify the effectiveness and sophistication of cyberattacks is alarming. This arms race between attackers and defenders underscores the urgency for security teams to proactively develop countermeasures against the threat.