Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day

Published 12/06/2024 13:01 · Modified 12/06/2024 13:31

Essential information

Tags: 2024-06-12, black basta
Related entities: 1 vulnerabilities (cve), 5 observables, 14 techniques (mitre), 2 malware

Description

Recent analysis by a cybersecurity firm suggests that a ransomware group might have exploited a Windows privilege escalation vulnerability, CVE-2024-26169, before it was patched. The vulnerability, which was addressed in March 2024, could allow attackers to elevate their privileges. Evidence from an exploit tool deployed in attempted attacks resembles tactics used by the Cardinal cybercrime group, known for operating the Black Basta ransomware. The tool's compilation timestamps predate the vulnerability's patching, indicating it was potentially leveraged as a zero-day.

External references