Security News > 2024 > June > Black Basta ransomware gang linked to Windows zero-day attacks

The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability as a zero-day before a fix was made available.

A report by Symantec says that CVE-2024-26169 has been actively exploited by the Cardinal cybercrime group, the operators of the Black Basta gang, noting that there's a good chance it was leveraged as a zero-day.

Symantec investigated an attempted ransomware attack where an exploit tool for CVE-2024-26169 was deployed following an initial infection by the DarkGate loader, which Black Basta has been using since the QakBot takedown.

Below is a demonstration of BleepingComputer testing the exploit on a Windows 11 device that only has the Windows security updates from February installed, before Microsoft fixed the flaw in March.

Black Basta, a ransomware operation believed to be linked to the now-defunct Conti cybercrime syndicate, has previously demonstrated expertise in abusing Windows tools and an in-depth understanding of the platform.

Check Point releases emergency fix for VPN zero-day exploited in attacks.

News URL

https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-windows-zero-day-attacks/