Black Basta and the Use of LLMs by Threat Actors

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Daria Pop to discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insights into the shifting tactics of Black Basta ransomware, including their use of phishing, social engineering, and remote management tools. The discussion also covers the persistence of malvertising and its challenges for defenders. Anna Seitz explores how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities.  

In this episode you’ll learn:       

• Why the takedown of Qakbot impacted Black Basta’s strategies 
• What malvertising is and why its persistence is due to the complex nature of ad traffic 
• How the MITRE Atlas framework assists defenders in identifying new threats 

Some questions we ask:       

• What role does social engineering play in the campaigns involving Quick Assist? 
• How are North Korean threat actors like Emerald Sleep using LLMs for their campaigns? 
• Can you explain the changes in Black Basta’s initial access methods over the years? 

Resources:  

View Anna Seitz on LinkedIn  

View Daria Pop on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   

• Afternoon Cyber Tea with Ann Johnson 
• The BlueHat Podcast 
• Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.