Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

Former members of the Black Basta ransomware group have re-emerged as part of the CACTUS ransomware operation. They are using phishing via Microsoft Teams, impersonating IT staff, and deploying Python-based payloads for command-and-control. The group also uses email bombing to obscure security alerts, highlighting the evolving tactics of ransomware affiliates.
Link: DIESEC – Top 5 Cybersecurity News Stories June 13, 2025