This report was processed and collated by the Elemendar CTI team and includes Mitre ATT&CK TTPS and IOCs collated from using one of our products; READ., an AI-driven Cybersecurity tool.
For further information or a demonstration of our products please visit our website: elemendar.ai You can download the report PDF below:
Contents
Executive Summary
Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
The Black Basta ransomware group, active since April 2022, has expanded to social engineering attacks via Microsoft Teams, often posing as IT help desks. Black Basta has affected over 500 organisations globally, using phishing, Qakbot, and Cobalt Strike for access. Recent tactics include spam floods and malicious QR codes to bypass security.
By exploiting trusted platforms like Teams, the group circumvents traditional defences, creating significant risks for targeted corporate environments. The QR codes are almost certain to direct victims to malicious sites, enabling data theft, malware deployment, or unauthorised access.
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
New Encoding Technique Jailbreaks ChatGPT-4o To Write Exploit Codes
Black Basta Ransomware poses as IT support on Microsoft Teams to breach networks
The Black Basta (BB) ransomware group has now adapted its tactics, techniques and procedures (TTP’s) by conducting social engineering attacks through Microsoft Teams.
Elemendar CTI Analyst comment: BB has been operating as a Ransomware-as-aService (RaaS) group since April 2022, impacting a broad spectrum of verticals and critical infrastructure across North America, Europe, and Australia. As of September 2024, over 500 organisations worldwide have been affected, with BB affiliates gaining initial access through common tactics such as phishing, Qakbot malware and Cobalt Strike. Due to similar TTPs, BB is also believed to be made up of former members of Russian speaking cybercriminal groups Conti, BlackMatter and FIN7. Comment Ends.
In May 2023, cybersecurity firms Rapid7 and ReliaQuest highlighted BB’s TTP’s involving a social engineering scheme that inundated targeted employees' inboxes with thousands of spam emails, ranging from newsletters to sign-up confirmations. Though benign, the flood of emails overwhelmed employees, prompting attackers to pose as IT help desk representatives to “assist” with the spam issue. Using this tactic, the attackers would call the employee, guiding them to install the AnyDesk remote support tool or granting remote access through Windows Quick Assist. Once access was granted, the attackers installed malicious tools like ScreenConnect, NetSupport Manager, and Cobalt Strike, which allowed continued remote control of the compromised device. With access established, the attackers spread throughout the network, elevating privileges, exfiltrating sensitive data, and eventually deploying ransomware.
In October 2024, ReliaQuest reported that BB had advanced its previous TTp’s, leveraging Microsoft Teams as a platform for social engineering. The attackers begin by overwhelming the employee's email inbox with spam, then proceed to contact the employee directly on Microsoft Teams, posing as an IT help desk representative using external user accounts. These accounts are set up to resemble help desk services, with names like “securityadminhelper” and “supportserviceadmin” to appear legitimate. The attackers carefully craft display names to include “Help Desk,” creating a false sense of trust. In many cases, targeted users are engaged in "OneOnOne" chat, further emphasising the illusion of personalised IT support.
Elemendar CTI Analyst comment: QR codes sent through Microsoft Teams chats were also used in this attack. When accessed, the QR codes directed the victim to hostile domains. The exact function of these QR codes remains unknown. Comment Ends.
Once remote access is gained via AnyDesk or Quick Assist, the attackers deploy malicious executables labelled as anti-spam tools, including files like "AntispamAccount.exe" and "AntispamUpdate.exe." Security researchers identified "AntispamConnectUS.exe" as SystemBC, a proxy malware used by Black Basta in the past. Ultimately, Cobalt Strike, a post-exploitation toolkit, is installed to maintain comprehensive access to the compromised system, allowing attackers to move deeper into the network.
Elemendar Intelligence Assessment: BB’s most recent attack vector signifies a growing trend toward exploiting trusted communication platforms within corporate environments, particularly for social engineering campaigns. By manipulating well-known tools such as Microsoft Teams, the group exploits employee familiarity and trust in IT systems. Due to the rise in use and reliance on collaborative software, this trend is highly likely to increase.
Though the precise intent for the QR codes seen by Relliaquest remains unknown, it is almost certain the victim will be directed to malicious sites designed to steal information, deploy malware, or initiate unauthorised access to their devices. Such attacks leverage the familiarity and ease of QR codes, causing the victim to unwittingly download malware. By relying on the victim to download and subsequently execute the malware, the threat actor can bypass security tools and is likely to reduce both the time to gain access to the network and the footprint left by the threat actor.
As seen with other attacks by BB, success for this threat actor is likely to lead to adverse consequences for enterprises, including data exfiltration and exposure, where attackers gain access to sensitive corporate information, increasing the risk of data breaches and potential regulatory fines. Additionally, ransomware deployment often results in substantial operational disruption, causing significant downtime for organisations. The financial impact is also considerable, as businesses must bear the costs of remediation, recovery efforts, and potentially ransom payments, all of which place heavy operational and financial burdens on affected verticals. Assessment Ends.
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
In September 2024, three malicious Node Package Manager (npm) packages—passports-js, bcrypts-js, and blockscan-api—were found to contain BeaverTail, a JavaScript-based downloader and info-stealer associated with the North Korean (DPRK) “Contagious Interview” campaign.
Elemendar CTI Analyst comment: Npm packages are collections of code that are used as building blocks for developing applications in JavaScript, especially within the Node.js environment. These packages can contain libraries, utilities, modules, or frameworks that developers can easily integrate into their own projects to perform specific tasks, like handling HTTP requests, managing databases, or adding authentication. “Contagious Interview” is a campaign conducted by an unknown DPRK linked threat actor whose intent is to target developers and deceive them into downloading malware, often disguised as coding tests or video call applications. The campaign, also known as Tenacious Pungsan, deploys BeaverTail to fetch InvisibleFerret, a Python-based malware with data exfiltration and remote access capabilities. Comment Ends.
Earlier in August, cybersecurity firm Phylum reported similar npm packages distributing BeaverTail. This campaign continually targets the cryptocurrency sector, with attackers using typosquatting tactics, particularly mimicking the etherscan-api package. The attack strategy has evolved; with cybersecurity company Stacklok recently uncovering new packages—eslint-module-conf and eslint-scope-util—designed to steal cryptocurrency and maintain persistent access to developer devices.
The primary infection chain begins with social engineering, luring job seekers to clone GitHub repositories with malicious npm dependencies, posing as part of a job assessment. The malicious BeaverTail script collects system information, steals browser-stored credentials, and scans for cryptocurrency wallet extensions. It then connects to a DPRK-controlled command-and-control (C2) server, exfiltrating data and fetching the InvisibleFerret malware in Python. InvisibleFerret performs keylogging, system fingerprinting, and persistent command execution, while targeting browser databases to steal credentials, payment data, and sensitive information.
Fig. 1: InvisibleFerret malware lifecycle (Source: Unit 42).
The obfuscation methods used, such as self-invoking functions, hexadecimal encoding, and control flow manipulation hinder detection. InvisibleFerret operates as a multistage Remote Access Trojan (RAT), downloaded as .npl files and embedded in hidden directories, making detection challenging. Each stage is tailored to its target system, with additional payloads downloaded based on the operating system.
Elemendar Intelligence Assessment: These reports highlight the vulnerabilities in the open-source ecosystem, where threat actors exploit trusted platforms and transitive dependencies to insert hidden malicious code, expanding the attack surface. DPRK linked actors are highly likely to continue to use these tactics to infiltrate cryptocurrency and Web3 sectors.
Whilst the motives for the threat actor mentioned within the reports remains unknown, APTs linked to DPRK are known to have two motives; espionage and revenue collection. Revenue is used to sustain the regime within the DPRK and any sensitive data collated is likely to be used to improve upon state sponsored technological projects.
DPRK linked threat actors are almost certain to continue to exploit npm’s open-source ecosystem as a vector for malware distribution; this is highly likely to affect multiple verticals. Assessment Ends.
New Encoding Technique Jailbreaks ChatGPT-4o To Write Exploit Codes
Recent findings reveal critical vulnerabilities in OpenAI's latest language model, GPT-4o, exposing gaps in its ability to prevent misuse for generating harmful code. However, researchers have identified techniques for bypassing its safety protocols, enabling the model to produce exploit code and circumvent content moderation safeguards.
Elemendar CTI Analyst comment: Released on May 13 2024, GPT-4o is a high-speed, multifunctional AI capable of processing multimodal inputs across languages and maintaining context over extended conversations. Comment Ends.
Security expert Marco Figueroa demonstrated a new encoding method that allows GPT-4o and similar AI models to bypass internal security filters. This approach exploits GPT-4o's tendency to process instructions sequentially without assessing the overall context, using hexadecimal encoding to mask exploit commands as innocuous inputs. When these hex-encoded instructions are fed to GPT-4o, the model decodes them without recognizing their malicious intent, generating harmful code in response. This compartmentalised execution highlights a significant gap: while GPT-4o can interpret instructions accurately, it lacks the deep context awareness needed to detect harmful outcomes across multi-step commands.
In a controlled experiment, Figueroa encoded instructions to exploit CVE-2024-41110, a high-severity Docker vulnerability, in hexadecimal. By instructing GPT-4o to decode and process these hex inputs, he successfully bypassed its content moderation, resulting in a working exploit for the vulnerability. Figueroa even observed GPT-4o attempting to execute the generated code, underscoring the risks associated with the model's step-by-step processing, which can lead to unintended behaviours.
The study also found that GPT-4o’s moderation systems could be bypassed using alternative spelling or formatting of harmful commands (e.g., "3xploit" instead of "exploit"). Such modifications evade word filters, exposing the model’s reliance on straightforward pattern recognition for content moderation rather than a deeper contextual understanding of user intent. This vulnerability raises concerns about attackers’ ability to adapt and evade AI safety measures using simple encoding and rephrasing tactics.
The findings align with a recent advisory from Vulcan Cyber’s Voyager18 team, warning that AI models like ChatGPT could facilitate attacks within development environments. By leveraging these models to inject malicious packages or generate exploitative code libraries, attackers can bypass conventional detection methods, introducing new risks to software supply chains. Figueroa notes that, in contrast, competing models such as those by Anthropic employ more sophisticated safety layers, using dual-filter systems to better analyse both input and output, making similar bypasses considerably harder to execute.
Elemendar Intelligence Assessment: When used in the attack function, AI generated code can be an extremely powerful tool for threat actors and provide significant advantages, primarily through speed and efficiency, enabling rapid creation and iteration of complex, customised malware that would otherwise take extensive time to produce manually. It also introduces polymorphic capabilities, allowing the AI to alter code patterns and generate unique variations for each instance, evading traditional signature-based detection.
Enhanced evasion techniques can be identified and implemented by AI to bypass defences like Endpoint Detection and Response (EDR) systems and firewalls, making malware harder to detect and mitigate. Additionally, AI can automate exploit generation by pinpointing vulnerabilities and crafting exploits, lowering the skill barrier for sophisticated attacks and generate scalable attack variants, which allows threat actors to create multiple vectors, increasing the chances of a successful breach across various targets.
AI is almost certain to become a common tool in the threat actors arsenal. With few limitations on what can be generated, the threat from AI generated code is almost certain to present an enduring threat to all verticals. Assessment Ends.
Annex A: References
Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
New Encoding Technique Jailbreaks ChatGPT-4o To Write Exploit Codes
Annex B: STIX Entities
Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
Mitre ATT&CK TTPs
ID | Name | Tactic | Description |
T1584.008 | Network Devices | Resource Development | Threat actors develop or acquire access to network devices to facilitate malicious activities. |
T1114 | Email Collection | Collection | Adversaries collect emails to gather sensitive information, such as credentials or internal data. |
T1087.001 | Local Account | Discovery | Adversaries gather information on local accounts to identify users and escalate privileges. |
T1534 | Internal SpearPhishing | Initial Access | Adversaries use spearphishing tactics targeting internal users to gain access within the network. |
IOCs
Type | Value |
Domain Name | securityadminhelper.onmicrosoft[.]com |
Domain Name | supportserviceadmin.onmicrosoft[.]com |
Domain Name | supportadministrator.onmicrosoft[.]com |
Domain Name | cybersecurityadmin.onmicrosoft[.]com |
Domain Name | qr-s1[.]com |
File | AntispamAccount[.]exe |
File | AntispamUpdate[.]exe |
File | AntispamConnectUS[.]exe |
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
Mitre ATT&CK TTPs
ID | Name | Tactic | Description |
T1608 | Stage Capabilities | Resource Development | Preparation of tools, infrastructure, or code to support future exploitation or operations. |
T1562.011 | Spoof Security Alert | Impair Defences | Manipulating security alerts to appear false or misleading, reducing detection accuracy. |
T1608.001 | Upload Malware | Resource Development | Placing malware on a compromised system or platform as part of a staged attack. |
T1656 | Impersonation | Resource Development | Imitating trusted identities to deceive and gain access to systems or networks. |
T1586.001 | Social Media Accounts | Resource Development | Creating social media accounts for social engineering or operational purposes. |
T1033 | System Owner/User Discovery | Discovery | Identifying the owner or user of a system to gather context or prepare for further action. |
T1568.003 | DNS Calculation | Command and Control | Using DNS requests to encode or send command and control instructions for malware operations. |
T1587.001 | Malware | Resource Development | Development or acquisition of malware for future use in cyber operations. |
T1562 | Impair Defences | Defence Evasion | Disabling or manipulating defensive controls to avoid detection or prevention. |
T1059.007 | JavaScript | Execution | Using JavaScript as a scripting language to execute commands on a target system. |
T1556.004 | Network Device Authentication | Credential Access | Targeting network devices to capture or bypass authentication mechanisms. |
IOCs
Type | Value |
IP address (C2 BeaverTail and InvisibleFerret) | 95.164.17[.]24 |
IP address (C2 BeaverTail and InvisibleFerret) | 185.235.241[.]208 |
SHA256 hash (BeaverTail Installer) | 000b4a77b1905cabdb59d2b576f6da1b2ef55a0258004e4a9e290e9f41fb6923 |
SHA256 hash (BeaverTail Installer) | 9abf6b93eafb797a3556bea1fe8a3b7311d2864d5a9a3687fce84bc1ec4a428c |
SHA256 hash (BeaverTail) | 0f5f0a3ac843df675168f82021c24180ea22f764f87f82f9f77fe8f0ba0b7132 |
SHA256 hash (BeaverTail) | d801ad1beeab3500c65434da51326d7648a3c54923d794b2411b7b6a2960f31e |
SHA256 hash (BeaverTail) | 36cac29ff3c503c2123514ea903836d5ad81067508a8e16f7947e3e675a08670 |
SHA256 hash (BeaverTail) | de6f9e9e2ce58a604fe22a9d42144191cfc90b4e0048dffcc69d696826ff7170 |
SHA256 hash (BeaverTail) | fd9e8fcc5bda88870b12b47cbb1cc8775ccff285f980c4a2b683463b26e36bf0 |
SHA256 hash (BeaverTail) | 0621d37818c35e2557fdd8a729e50ea662ba518df8ca61a44cc3add5c6deb3cd |
SHA256 hash (BeaverTail) | 9e3a9dbf10793a27361b3cef4d2c87dbd3662646f4470e5242074df4cb96c6b4 |
SHA256 hash (BeaverTail) | d5c0b89e1dfbe9f5e5b2c3f745af895a36adf772f0b72a22052ae6dfa045cea6 |
SHA256 (InvisibleFerret) | 07183a60ebcb02546c53e82d92da3ddcf447d7a1438496c4437ec06b4d9eb287 |
SHA256 (InvisibleFerret) | 10f86be3e564f2e463e45420eb5f9fbdb14f7427eac665cd9cc7901efbc4cc59 |
SHA256 (InvisibleFerret) | 1c218d15b35b79d762b966db8bc2ca90fc62a95903bd78ac85648de1d828dbce |
SHA256 (InvisibleFerret) | 34170bda5eb84d737577096438a776a968cb36eff88817f12317edcb9d144b35 |
SHA256 (InvisibleFerret) | 4343fa4e313a61f10de08fa5b1b8acb98589faf5739ab5b606f540983b630f79 |
SHA256 (InvisibleFerret) | 486a9a79bbb81abee2e81679ace6267c3f3e37d9b8c8074f9ec7aebc9be75cdd |
SHA256 (InvisibleFerret) | 589e22005aa166b207a7aa7384dd3c7f90b71775688e587108801c3894a43358 |
SHA256 (InvisibleFerret) | 5e820d8b2bd139b3018574c349cd48ce77e7b31cf85e9462712167fcab99b30a |
SHA256 (InvisibleFerret) | 6e065f1e4d1d8232da5de830d270a13fff8284a91e81c060377ebe66aa75d81d |
SHA256 (InvisibleFerret) | 8563eecbc85a0c43b689b9d9f31fe5977e630c276dee0d7dbfe1a47ab1ab4550 |
SHA256 (InvisibleFerret) | 8de446957ce96826628c88da9fd4e7ff9d6327d8004afc4e9e86d59e7d6948dc |
SHA256 (InvisibleFerret) | 9ece783ac52c9ec2f6bdfa669763a7ed1bbb24af1e04e029a0a91954582690cf |
SHA256 (InvisibleFerret) | a69e89a62203b8f2f89ec12a13e46c71b6b4d505deb19527ff73fd002df9bc6b |
SHA256 (InvisibleFerret) | ad8a819d7b68905fa6a8425295755c329504dd0bb48b2fba8dd17e54562b0c6f |
SHA256 (InvisibleFerret) | b9be6b0ac414ac2a033c17c3ac649417e97e5d0580db796a8ff55169299de50e |
SHA256 (InvisibleFerret) | cde5afd20b7bb5c9457b68e02c13094125025fb974df425020361303dc6fcdfc |
SHA256 (InvisibleFerret) | d0a5b9dc988834cc930624661e6e7dd1943d480d75594fff0f4bc39d229c5999 |
SHA256 (InvisibleFerret) | e0568196f1494137a5bbee897a37bc4fe15f87175b57a30403450a88486190c4 |
SHA256 (InvisibleFerret) | f08e88c7397443e35697e145887af2683a83d2415ccd0c7536cea09e35da9ef7 |
New Encoding Technique Jailbreaks ChatGPT-4o To Write Exploit Codes
Mitre ATT&CK TTPs
ID | Name | Tactic | Description |
T1659 | Content Injection | Impact | Adversaries may manipulate content displayed to users, modifying the data served or viewed in applications or on websites to influence user perception or behaviour. This can be done for deceptive purposes, to distribute malicious content, or to capture sensitive information. |
T1132 | Data Encoding | Command and Control | Adversaries may encode data to avoid detection and analysis. Encoding schemes can vary (e.g., Base64, ASCII), allowing adversaries to obfuscate commands or payloads and bypass content filters. This technique can make network traffic appear benign or bypass data integrity monitoring. |
Probability Language
This document uses probability language based on assessment. Further information can be found in the image below:
Feedback
We welcome your feedback, this ensures we meet your needs.
Please contact our CTI Director at : CTI@elemendar.ai
Acknowledgements
Authored by Paul Montgomery, CTI Director Elemendar
very helpful!!