Security News > 2024 > June > Black Basta ransomware gang linked to Windows zero-day attacks

The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability as a zero-day before a fix was made available.
A report by Symantec says that CVE-2024-26169 has been actively exploited by the Cardinal cybercrime group, the operators of the Black Basta gang, noting that there's a good chance it was leveraged as a zero-day.
Symantec investigated an attempted ransomware attack where an exploit tool for CVE-2024-26169 was deployed following an initial infection by the DarkGate loader, which Black Basta has been using since the QakBot takedown.
Below is a demonstration of BleepingComputer testing the exploit on a Windows 11 device that only has the Windows security updates from February installed, before Microsoft fixed the flaw in March.
Black Basta, a ransomware operation believed to be linked to the now-defunct Conti cybercrime syndicate, has previously demonstrated expertise in abusing Windows tools and an in-depth understanding of the platform.
Check Point releases emergency fix for VPN zero-day exploited in attacks.
News URL
Related news
- Play ransomware exploited Windows logging flaw in zero-day attacks (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-12 | CVE-2024-26169 | Unspecified vulnerability in Microsoft products Windows Error Reporting Service Elevation of Privilege Vulnerability | 0.0 |