Home/ Threat Actors/ Black Basta

🇷🇺Black Basta

🇷🇺 Black Basta is a tracked threat actor in the Clankerusecase corpus. Attributed to RU. Primary motivation: Criminal. We map 5 detection use cases to this actor across 6 MITRE ATT&CK techniques, with 1 threat-intel article citing them. Active in our corpus from 2026-06-12 to 2026-06-12.

high 1

View full actor card → All threat actors

5Use cases

1Articles

6Techniques

0IOCs

Known aliases

Black BastaBlackBasta

Top techniques

T1190 · Exploit Public-Facing Application T1486 · Data Encrypted for Impact T1003.001 · LSASS Memory

All other tracked techniques

T1003 · OS Credential Dumping T1021.002 · SMB/Windows Admin Shares T1569.002 · Service Execution

Detection use cases (5)

Black Basta IT-helpdesk impersonation: Quick Assist / AnyDesk spawn chain after Teams social engineering AI · profile SΣDD Black Basta service-execution detonation: PsExec / SCM remote service + shadow-copy & boot-recovery destruction AI · profile SDD Ransomware-style mass file rename / extension change Internal LSASS process access / dump (credential theft) Internal Remote service execution — PsExec / SMB lateral movement Internal

Threat-intel articles (1)

high Ukrainian national pleads guilty to role in Conti ransomware operation · 2026-06-12