$ subscribe
● BREAKING
Black Basta affiliates pivoting to Microsoft Teams for initial access. Incident Report: Help desk impersonation leads to full compromise in 12 minutes. M365 Identity: 130,000 compromised devices identified in latest password spraying botnet. Black Basta affiliates pivoting to Microsoft Teams for initial access. Incident Report: Help desk impersonation leads to full compromise in 12 minutes. M365 Identity: 130,000 compromised devices identified in latest password spraying botnet.
VOL.01 · ISSUE №1 — a security engineer's obsession with the why and the how — TUE · 05 MAY 2026
INCIDENT RESPONSE

The 12-Minute Help Desk: Tracking the SNOW Suite

Former Black Basta affiliates built a framework to automate social engineering at scale. This is what it looks like when it runs.

2026-05-05 · 8 min read
Read →
Concept illustration of a malicious help desk chat impersonation blending into snow/frost on a dark screen.
## ~/posts $ ls -lt

The feed

2026-05-05 IR The 12-Minute Help Desk: Tracking the SNOW Suite 8 min