THREAT ACTOR: Black Basta Group

Black Basta was first discovered in April 2022 and hit almost 50 organizations in the months that followed.

Victims include organizations in manufacturing, utilities, and transport, as well as government agencies, in countries around the world including the United States, UK, India, Canada, Australia, New Zealand, and UAE.

Recently, VMware ESXi variants of Black Basta have been discovered that target virtual machines running on Linux servers, alongside the versions that infect Windows systems.

In addition, many of the attacks have made use of Qakbot (also known as QBot) to spread laterally through an organization, perform reconnaissance, steal data, and execute payloads. Furthermore, a group policy object is created on compromised domain controllers to disable Windows Defender and anti-virus solutions.


Incidents Associated with this Threat

  • June 29, 2022: Largest Building Material Producer Attacked by Black Basta Ransomware Group
  • April 22, 2022: Theft of Member Data Reported in ADA Ransomware Attack

Malware Used by this Threat Actor

No malware identified for this threat actor.
