Are Former Black Basta Affiliates Automating Executive Targeting?
ID: c1bbff5b-6507-51ce-ad76-0a4b129b0504
STIX ID: report--c1bbff5b-6507-51ce-ad76-0a4b129b0504
Feed Name: ReliaQuest Blog
Threat Score
**Executive summary:** ReliaQuest assesses that former Black Basta affiliates are running a coordinated, automated campaign that combines high-volume email bombing with Teams-based help-desk impersonation to quickly coerce senior executives into initiating RMM sessions (e.g., Supremo, Quick Assist), enabling hands-on access and likely pre-ransomware staging; the activity surged in March 2026, disproportionately targets manufacturing and PSTS sectors, and includes observable IOCs and actionable mitigation guidance.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.