Intel Name: Cluster of infrastructure likely used by affiliate of Dark Scorpius (Black Basta)
Date of Scan: January 21, 2025
Impact: High
Summary: The infrastructure described is likely used by an affiliate of Dark Scorpius (associated with Black Basta ransomware). The attack begins with email bombing to disrupt email systems, followed by social engineering via Microsoft Teams to install remote access tools. The attackers deploy malicious files, including a DLL that communicates with C2 servers, and in some cases the attack leads to the deployment of Black Basta ransomware.