Former Black Basta Affiliates Launch New Cyber Intrusion Campaign Targeting U.S. Sectors
A group of former affiliates of the cybercriminal organization Black Basta has initiated a new wave of cyber intrusions targeting senior executives across various U.S. sectors. According to a report by ReliaQuest, these attacks involve sophisticated social engineering tactics, including mass email bombing and impersonation of IT support via Microsoft Teams. The campaign, which began in May 2025, has seen a surge in activity recently, with attackers focusing on gaining remote access to systems for potential data theft, extortion, or ransomware deployment. The targeted sectors include manufacturing, professional services, finance, construction, and technology. The attackers aim to quickly gain access and understand the environment to monetize their intrusions, although not all attacks result in ransomware encryption. 
