Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
ID: 546d4c2e-f01d-5307-a02b-139a432dab2b
STIX ID: report--546d4c2e-f01d-5307-a02b-139a432dab2b
Feed Name: Bleeping Computer
Black Basta affiliates have adapted their social-engineering tactics by creating external Microsoft Teams accounts that impersonate corporate help-desk staff. After overwhelming targets with benign emails, they contact employees via Teams to convince them to install AnyDesk or launch Windows Quick Assist. Once connected, the actors deploy payloads (Antispam*.exe flagged as SystemBC, ScreenConnect, NetSupport, Cobalt Strike) to gain persistent access, escalate privileges, exfiltrate data, and ultimately deliver ransomware. Defenders are advised to restrict external Teams communication and enable chat logging.
