Black Basta and the Use of LLMs by Threat Actors

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Daria Pop to discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insights into the shifting tactics of Black Basta ransomware, including their use of phishing, social engineering, and remote management tools. The discussion also covers the persistence of malvertising and its challenges for defenders. Anna Seitz explores how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities.     In this episode you’ll learn:        Why the takedown of Qakbot impacted Black Basta’s strategies  What malvertising is and why its persistence is due to the complex nature of ad traffic  How the MITRE Atlas framework assists defenders in identifying new threats    Some questions we ask:        What role does social engineering play in the campaigns involving Quick Assist?  How are North Korean threat actors like Emerald Sleep using LLMs for their campaigns?  Can you explain the changes in Black Basta’s initial access methods over the years?    Resources:   View Anna Seitz on LinkedIn   View Daria Pop on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.