500 Victims In, Black Basta Reinvents With Novel Vishing Strategy
ID: bdce1d2a-e7fe-50c4-8fcf-0ff392849639
STIX ID: report--bdce1d2a-e7fe-50c4-8fcf-0ff392849639
Feed Name: Dark Reading
Researchers observed a new Black Basta campaign that overwhelms targets with spam emails and then uses phone-based social engineering to pose as IT support, convincing victims to install AnyDesk or use Quick Assist; attackers then execute batch scripts that deploy OpenSSH, create persistent run keys, and establish reverse shells to enable ongoing C2 access. The activity affects a broad set of industries including critical infrastructure sectors and leverages both social engineering and an exploited ConnectWise ScreenConnect vulnerability (CVE-2024-1709) as initial-access vectors; no large-scale exfiltration or extortion has been reported in this specific campaign so far.
