Black Basta affiliates pivoting to Microsoft Teams for initial access.
Incident Report: Help desk impersonation leads to full compromise in 12 minutes.
M365 Identity: 130,000 compromised devices identified in latest password spraying botnet.
VOL.01 · ISSUE №1 · TUE · 05 MAY 2026
A security engineer's obsession with the why and the how
INCIDENT RESPONSE
The 12-Minute Help Desk: Tracking the SNOW Suite
A technical deep dive into Teams-based impersonation, vishing automation, and the SNOW malware ecosystem used by former Black Basta affiliates.
One thing I've been pulling apart — an incident, a malware family, a CTI thread that kept me up. Written from the engineering layer down. No vendor copy. No AI slop. No hot takes from people who read the same three reports you did.