- Aug 17, 2017
- 1,609
The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day before a fix was made available.
The flaw is a high-severity issue (CVSS v3.1: 7.8) in the Windows Error Reporting Service, allowing attackers to elevate their privileges to SYSTEM.
Microsoft fixed the flaw on March 12, 2024, via its monthly Patch Tuesday updates, while its status on the vendor's page shows no active exploitation.
A report by Symantec says that CVE-2024-26169 has been actively exploited by the Cardinal cybercrime group (Storm-1811, UNC4394), the operators of the Black Basta gang, noting that there's a good chance it was leveraged as a zero-day.
Black Basta ransomware gang linked to Windows zero-day attacks
The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.
www.bleepingcomputer.com