Black Basta and the Use of LLMs by Threat Actors
Microsoft Threat Intelligence Podcast
Audio is streamed directly from the publisher (traffic.megaphone.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Daria Pop to discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insights into the shifting tactics of Black Basta ransomware, including their use of phishing, social engineering, and remote management tools. The discussion also covers the persistence of malvertising and its challenges for defenders. Anna Seitz explores how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities.
In this episode you’ll learn:
- Why the takedown of Qakbot impacted Black Basta’s strategies
- What malvertising is and why its persistence is due to the complex nature of ad traffic
- How the MITRE Atlas framework assists defenders in identifying new threats
Some questions we ask:
- What role does social engineering play in the campaigns involving Quick Assist?
- How are North Korean threat actors like Emerald Sleep using LLMs for their campaigns?
- Can you explain the changes in Black Basta’s initial access methods over the years?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.