The cybercriminal group Storm-1811 has been exploiting remote monitoring and management (RMM) tools, such as Microsoft’s Quick Assist, to deploy Black Basta ransomware. They initiate attacks by flooding victims’ inboxes with spam emails—a tactic known as email bombing—and then impersonate IT support personnel via phone calls or Microsoft Teams messages to offer assistance. Once trust is established, they persuade victims to grant remote access through tools like Quick Assist, AnyDesk, or TeamViewer. This access allows attackers to conduct reconnaissance, move laterally within networks, and establish persistent backdoors using SSH tunnels. To mitigate these threats, organizations are advised to maintain strict control over approved RMM tools, monitor for unauthorized usage, and educate users about recognizing and reporting social engineering tactics.
Source: Cyber Press
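One way to implement the "monitor for unauthorized usage" advice, as an added example that is not from the source article: it flags RMM tools launched outside an allowlist and correlates SSH port forwarding that follows on the same host. The allowlist, the one-hour window, the event field names and the log lines are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Image names for the RMM tools named above (assumed default binary names).
RMM_IMAGES = {"quickassist.exe": "Quick Assist", "anydesk.exe": "AnyDesk",
              "teamviewer.exe": "TeamViewer"}
APPROVED = {"TeamViewer"}            # hypothetical organizational allowlist
WINDOW = timedelta(hours=1)          # hypothetical correlation window
FORWARD_FLAGS = {"-R", "-L", "-D"}   # OpenSSH port-forwarding options

# Constructed process-creation events, one JSON object per line (not real telemetry).
SAMPLE_LOG = r"""
{"ts":"2024-01-10T09:02:11","host":"WS-014","user":"alice","image":"C:\\Windows\\System32\\QuickAssist.exe","cmd":"QuickAssist.exe"}
{"ts":"2024-01-10T09:20:40","host":"WS-014","user":"alice","image":"C:\\Windows\\System32\\OpenSSH\\ssh.exe","cmd":"ssh.exe -N -R 2222:localhost:22 svc@relay.example"}
{"ts":"2024-01-10T10:00:00","host":"WS-022","user":"bob","image":"C:\\Program Files\\TeamViewer\\TeamViewer.exe","cmd":"TeamViewer.exe"}
{"ts":"2024-01-10T10:05:00","host":"WS-022","user":"bob","image":"C:\\Windows\\System32\\OpenSSH\\ssh.exe","cmd":"ssh.exe bob@git.example"}
{"ts":"2024-01-10T11:00:00","host":"WS-030","user":"carol","image":"C:\\Users\\carol\\Downloads\\AnyDesk.exe","cmd":"AnyDesk.exe"}
{"ts":"2024-01-10T13:30:00","host":"WS-030","user":"carol","image":"C:\\Windows\\System32\\OpenSSH\\ssh.exe","cmd":"ssh.exe -L 8080:localhost:80 carol@dev.example"}
"""

def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(log_text, approved=APPROVED):
    """Return alerts for unapproved RMM launches and SSH forwarding that follows them."""
    alerts, last_rmm = [], {}   # last_rmm: host -> (time, tool) of latest unapproved launch
    events = sorted((json.loads(line) for line in log_text.splitlines() if line.strip()),
                    key=lambda e: e["ts"])
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        name = basename(e["image"])
        tool = RMM_IMAGES.get(name)
        if tool and tool not in approved:
            last_rmm[e["host"]] = (ts, tool)
            alerts.append(("unapproved_rmm", e["host"], e["user"], tool))
        # Only stand-alone flags are matched; combined forms such as -NR are not.
        elif name == "ssh.exe" and FORWARD_FLAGS & set(e["cmd"].split()):
            seen = last_rmm.get(e["host"])
            if seen and ts - seen[0] <= WINDOW:
                alerts.append(("ssh_tunnel_after_rmm", e["host"], e["user"], seen[1]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Matching on file name alone misses renamed binaries, so a production rule would also check signer or file metadata from the endpoint telemetry.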





