Black Basta\u2019s playbook lives on as former affiliates launch fast-scale intrusion campaign | CyberScoop<\/title> <meta name=\"description\" content=\"The social engineering campaign spiked last month and has targeted dozens of organizations since May 2025, according to ReliaQuest.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/black-basta-affiliates-senior-executives-reliaquest\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Black Basta\u2019s playbook lives on as former affiliates launch fast-scale intrusion campaign\"> <meta property=\"og:description\" content=\"The social engineering campaign spiked last month and has targeted dozens of organizations since May 2025, according to ReliaQuest.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/black-basta-affiliates-senior-executives-reliaquest\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-04-14T16:25:05+00:00\"> <meta property=\"article:modified_time\" content=\"2026-04-14T16:25:08+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-2.jpg\"> <meta property=\"og:image:width\" content=\"2309\"> <meta property=\"og:image:height\" content=\"1299\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1774626878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1775074092g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88589\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88589\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fblack-basta-affiliates-senior-executives-reliaquest%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fblack-basta-affiliates-senior-executives-reliaquest%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88589 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/black-basta-affiliates-senior-executives-reliaquest\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.75\">\n<div class=\"single-article__header-content\" readability=\"35.225419664269\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/black-basta-affiliates-senior-executives-reliaquest\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The social engineering campaign spiked last month and has targeted dozens of organizations since May 2025, according to ReliaQuest. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88589\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign.jpg?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Phishing concept\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-2.jpg 2309w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-2.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-2.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-2.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-2.jpg?resize=2048,1152 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-2.jpg?resize=1498,843 1498w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"52.563367864227\"><body readability=\"107.62058677275\"><\/p>\n<p>A small group of former Black Basta affiliates have targeted more than 100 employees across dozens of organizations to intrude network systems for potential data theft, ransomware deployment and extortion, according to ReliaQuest.<\/p>\n<p>The social engineering campaign, which involves mass email bombing and Microsoft Teams help desk impersonation, <a href=\"https:\/\/reliaquest.com\/blog\/threat-spotlight-are-former-black-basta-affiliates-automating-executive-targeting\">surged last month<\/a> and dates back to at least May 2025, ReliaQuest said in a report Tuesday. <\/p>\n<p>Attackers have primarily targeted senior leadership to gain highly privileged access. \u201cRoughly three-quarters of targeted users were executives, directors, managers or similarly high-value roles,\u201d researchers who worked on the report told CyberScoop via email. <\/p>\n<p>Cybercriminals involved in Black Basta, an offshoot of Conti, scattered after the threat group\u2019s <a href=\"https:\/\/cyberscoop.com\/black-basta-internal-chat-leak\/\">internal chat logs leaked<\/a> online in February 2025, providing threat researchers and authorities key details about the group\u2019s operations. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>German police publicly identified Oleg Evgenievich Nefedov, a Russian national, as <a href=\"https:\/\/cyberscoop.com\/black-basta-leader-europol-most-wanted-list\/\">Black Basta\u2019s alleged leader<\/a> in January. Nefedov, a 35-year-old who was subsequently added to the most-wanted lists of <a href=\"https:\/\/eumostwanted.eu\/#\/nefedov-oleg-evgenievich\">Europol<\/a> and <a href=\"https:\/\/www.interpol.int\/How-we-work\/Notices\/Red-Notices\/View-Red-Notices#2025-100086\">Interpol<\/a>, allegedly formed and ran Black Basta since 2022, authorities said. <\/p>\n<p>He is accused of extorting more than 100 companies in Germany and about 600 other countries globally.<\/p>\n<p>ReliaQuest said the recently observed campaign shares many similarities with previous Black Basta activity and follows the same playbook \u2014 tooling, targeting and execution style \u2014 associated with the once-prolific ransomware group. <\/p>\n<p>\u201cThat includes the repeated use of remote access tools, a strong concentration in sectors Black Basta historically favored, and a level of speed and coordination that suggests experienced operators are building on a playbook they already know works,\u201d researchers said. <\/p>\n<p>\u201cWe\u2019re careful not to treat any one artifact as definitive proof, but taken together, the similarities are strong enough that we assess it is highly likely former affiliates or closely aligned operators are involved,\u201d ReliaQuest researchers added. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Black Basta\u2019s data leak site was shut down shortly after its internal chats were leaked last year, but uncaptured cybercriminals typically scatter and join new groups in the wake of a takedown or disbandment. Threat hunters warned that former members were still actively targeting additional victims earlier this year. <\/p>\n<p>ReliaQuest released its report, including indicators of compromise, after it observed a particularly sharp spike in activity in March, noting that the group\u2019s targeting was more focused on senior employees.<\/p>\n<p>\u201cThe operators are moving very quickly, with parts of the workflow becoming more automated or highly streamlined, which makes the campaign easier to scale and harder for defenders to interrupt before remote access is established,\u201d researchers said.<\/p>\n<p>The top-five sectors targeted in recent Black Basta-style attacks include manufacturing, professional services, finance and insurance, construction and technology, according to ReliaQuest.<\/p>\n<p>Attackers typically bombard targeted employees with hundreds of emails within minutes and then contact targeted users, posing at IT support via direct messages on Microsoft Teams or a phone call. ReliaQuest said it\u2019s observed some attackers achieve remote access minutes after the first sign of an email bomb.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Researchers did not say how many organizations have been successfully intruded as a result of this campaign thus far. <\/p>\n<p>While extortion appears to be the most likely objective, ReliaQuest cautioned against assuming every attack results in ransomware encryption.<\/p>\n<p>\u201cBased on what we\u2019ve observed, the intrusion chain is built to gain access quickly, understand the environment, and create options for follow-on monetization,\u201d researchers said. \u201cThat could lead to data theft, extortion without encryption, or ransomware deployment, depending on the victim and the opportunity.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.5019455252918\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/black-basta-affiliates-senior-executives-reliaquest\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Black Basta\u2019s playbook lives on as former affiliates launch fast-scale<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[72,912,282,78,440,6401,46,3827,6402,256,270,2533,288],"tags":[73,914,286,86,444,6403,54,3828,6404,262,276,2536,294],"class_list":["post-8528","post","type-post","status-publish","format-standard","hentry","category-black-basta","category-conti","category-cybercrime","category-cybersecurity","category-data-breaches","category-email-bombing","category-ransomware","category-reliaquest","category-remote-access-tool","category-research","category-russia","category-social-engineering","category-threats","tag-black-basta","tag-conti","tag-cybercrime","tag-cybersecurity","tag-data-breaches","tag-email-bombing","tag-ransomware","tag-reliaquest","tag-remote-access-tool","tag-research","tag-russia","tag-social-engineering","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/black-basta\/\" rel=\"category tag\">Black Basta<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/conti\/\" rel=\"category tag\">Conti<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-breaches\/\" rel=\"category tag\">data breaches<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/email-bombing\/\" rel=\"category tag\">email bombing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/reliaquest\/\" rel=\"category tag\">ReliaQuest<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/remote-access-tool\/\" rel=\"category tag\">remote access tool<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/social-engineering\/\" rel=\"category tag\">Social engineering<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8528"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8528\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8528,"date":"2026-04-14T11:25:05","date_gmt":"2026-04-14T16:25:05","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88589"},"modified":"2026-04-14T11:25:05","modified_gmt":"2026-04-14T16:25:05","slug":"black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/04\/14\/black-bastas-playbook-lives-on-as-former-affiliates-launch-fast-scale-intrusion-campaign\/","title":{"rendered":"Black Basta\u2019s playbook lives on as former affiliates launch fast-scale intrusion campaign"},"content":{"rendered":"