December 3, 2024
Storm-1811, a financially driven threat actor that employs social engineering techniques, has recently been observed exploiting RMM tools to distribute the Black Basta ransomware.
The threat actor exploits the client management tool, Microsoft Quick Assist, with the intention of delivering Black Basta ransomware as the ultimate payload over the network.
Quick Assist is an application that allows a user to remotely connect to another person and share their Windows or macOS device.
This allows the connecting user to view the device’s display, make annotations, or take complete control—usually for troubleshooting—by remotely connecting to the receiving user’s device.