Black Basta may have exploited Microsoft flaw before a patch was issued
itpro
Contributed by: Sarah Richardson
Summary
The Black Basta ransomware group exploited a Windows privilege escalation vulnerability (CVE-2024-26169) before Microsoft issued a patch in March 2024. Symantec researchers found that an exploit tool, likely compiled pre-patch, was used in a recent attempted ransomware attack, though no payload was deployed. The tactics closely matched those of Black Basta, which has been active since 2022, targeting over 500 organizations primarily in the healthcare sector. This group evolved from the Conti ransomware and shifted infection vectors from Qakbot to the DarkGate loader after Qakbot was taken down in August 2023. Organizations are urged to patch the flaw immediately to mitigate the ongoing risk.