- Attackers combine spam floods with fake IT support
- Victims trapped in Quick Assist sessions deploying A0Backdoor
- Malware enables full account control and remote code execution
Cybercriminals are using a new combination of spam and IT support impersonation to deploy malware and take over company devices, experts warn.
BlueVoyant security researchers discovered that the cybercriminals begin their attack by flooding the victim’s inbox with spam. Shortly after, they contact the victim, pretending to be an IT support technician responsible for resolving the spam problem.
Then, they ask the victim to start a Quick Assist remote session, which gives them temporary access to the target computer. There, under the pretext of “solving the spam problem,” they deploy malware called A0Backdoor.
Black Basta is back?
The malware impersonates Microsoft Teams and CrossDeviceService components, and is deployed and activated using DLL sideloading.
The result is a complete account takeover that gives attackers remote code execution (RCE) capabilities. This means they can execute arbitrary commands or scripts, download and run additional malware, steal data, and move laterally or deeper within the network. Finally, they can maintain long-term persistence and access, or turn the device into a relay for further attacks.
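For defenders, the chain described above (a Quick Assist session followed by a Teams or CrossDeviceService look-alike sideloading a DLL) can be hunted in endpoint telemetry. The sketch below is an added example, not code from BlueVoyant or the article; the event layout, file paths, host names, watch list and 30-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumption: image names for the components the article says are impersonated.
WATCHED = {"ms-teams.exe", "teams.exe", "crossdeviceservice.exe"}
# Assumption: install roots that standard users cannot write to; tune per fleet.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
WINDOW = timedelta(minutes=30)  # assumed correlation window after a session starts

# Constructed sample events, Sysmon-style (id 1 = process create, id 7 = image load).
EVENTS = [
    {"ts": "2026-01-12T10:02:11", "host": "WS-041", "id": 1,
     "image": r"C:\Windows\System32\quickassist.exe"},
    {"ts": "2026-01-12T10:09:40", "host": "WS-041", "id": 7, "signed": False,
     "image": r"C:\Users\jdoe\AppData\Local\Temp\support\CrossDeviceService.exe",
     "loaded": r"C:\Users\jdoe\AppData\Local\Temp\support\helper.dll"},
    {"ts": "2026-01-12T10:15:02", "host": "WS-077", "id": 7, "signed": True,
     "image": r"C:\Program Files\WindowsApps\MSTeams_x64\ms-teams.exe",
     "loaded": r"C:\Program Files\WindowsApps\MSTeams_x64\helper.dll"},
    {"ts": "2026-01-12T11:00:00", "host": "WS-090", "id": 7, "signed": False,
     "image": r"C:\Users\asmith\Downloads\ms-teams.exe",
     "loaded": r"C:\Users\asmith\Downloads\helper.dll"},
]

def find_sideloads_after_quick_assist(events):
    """Return (host, image, dll) for watched binaries that run outside trusted
    roots and load an unsigned DLL from their own folder soon after Quick Assist."""
    last_session = {}  # host -> time of most recent Quick Assist start
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        image = PureWindowsPath(ev["image"])
        if ev["id"] == 1 and image.name.lower() == "quickassist.exe":
            last_session[ev["host"]] = ts
            continue
        if ev["id"] != 7 or image.name.lower() not in WATCHED:
            continue
        dll = PureWindowsPath(ev["loaded"])
        misplaced = not ev["image"].lower().startswith(TRUSTED_ROOTS)
        same_dir_unsigned = dll.parent == image.parent and not ev["signed"]
        started = last_session.get(ev["host"])
        if misplaced and same_dir_unsigned and started and ts - started <= WINDOW:
            alerts.append((ev["host"], ev["image"], ev["loaded"]))
    return alerts

if __name__ == "__main__":
    for alert in find_sideloads_after_quick_assist(EVENTS):
        print("ALERT", *alert)
```

The WS-090 event matches the sideloading pattern but has no preceding Quick Assist session, so this rule skips it; a separate lower-severity rule for uncorrelated hits is a reasonable companion.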
Attribution is relatively difficult, so we cannot know for sure who is behind the attacks, but according to Cybersecurity News, the activity “overlaps with tactics previously linked to the Brigantine Blitz”, a group also known as Storm-1811. This is a financially motivated threat actor that Microsoft has previously associated with Black Basta.
For those with shorter memories, Black Basta was once one of the most notorious ransomware gangs, but the group effectively ceased operations and went silent in early 2025.
So far, the group has claimed two victims: a financial institution in Canada and a global healthcare organization. Names have not yet been shared and the group has not publicly claimed responsibility for the attacks.
Via BleepingComputer




