The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day before a fix was made available.
The flaw is a high-severity issue (CVSS v3.1: 7.8) in the Windows Error Reporting Service, allowing attackers to elevate their privileges to SYSTEM.
Microsoft
fixed the flaw on March 12, 2024, via its monthly Patch Tuesday updates, while its status on the
vendor's page shows no active exploitation.
A report by Symantec says that CVE-2024-26169 has been actively exploited by the Cardinal cybercrime group (Storm-1811, UNC4394), the operators of the
Black Basta gang, noting that there's a good chance it was leveraged as a zero-day.
