The Americans have released a joint Cybersecurity Advisory (CISA, FBI, HHS, MS-ISAC) on the Black Basta ransomware. It is alleged that as of May 2024, more than 500 organizations worldwide have been affected by Black Basta, including businesses and critical infrastructure in North America, Australia and Europe. 12 of the 16 critical infrastructure sectors are affected.
The ransomware was first spotted in April 2022. Initial access is obtained through phishing or exploitation of the February AuthBypass vulnerability in ConnectWise ScreenConnect (CVE-2024-1709).
The toolkit for privilege escalation and lateral movement: Mimikatz and exploitation of the ZeroLogon (CVE-2020-1472), NoPac (CVE-2021-42278, CVE-2021-42287) and PrintNightmare (CVE-2021-34527) vulnerabilities. Patches have been available for years, but organizations have not installed them. 🤷‍♂️ Perhaps they hoped that the perimeter would never be breached. 😏
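To check whether any of the CVEs listed above are still open in your own environment, the added example below (not part of the original post or the advisory) filters a vulnerability scanner export for them and builds a patch queue. The CSV columns `host`, `zone`, `cve`, the host names and the placeholder CVE are constructed assumptions; map them to whatever your scanner exports.

```python
import csv
import io
from collections import defaultdict

INITIAL = "initial access"
INTERNAL = "privilege escalation / lateral movement"

# CVEs named in the post, with the stage the post assigns to each.
ADVISORY_CVES = {
    "CVE-2024-1709": (INITIAL, "ScreenConnect AuthBypass"),
    "CVE-2020-1472": (INTERNAL, "ZeroLogon"),
    "CVE-2021-42278": (INTERNAL, "NoPac"),
    "CVE-2021-42287": (INTERNAL, "NoPac"),
    "CVE-2021-34527": (INTERNAL, "PrintNightmare"),
}

# Constructed sample export; hosts and the CVE-0000-00000 placeholder are not real data.
SAMPLE_EXPORT = """host,zone,cve
rmm01.example.internal,perimeter,CVE-2024-1709
dc01.example.internal,internal,CVE-2020-1472
dc01.example.internal,internal,CVE-2021-42278
dc01.example.internal,internal,CVE-2021-42287
print01.example.internal,internal,cve-2021-34527
web01.example.internal,perimeter,CVE-0000-00000
"""

def triage(export_text):
    """Map each host to its zone and the advisory CVEs still open on it."""
    hosts = defaultdict(lambda: {"zone": None, "findings": set()})
    for row in csv.DictReader(io.StringIO(export_text)):
        cve = row["cve"].strip().upper()  # scanners differ in letter case
        if cve not in ADVISORY_CVES:
            continue
        entry = hosts[row["host"].strip()]
        entry["zone"] = row["zone"].strip().lower()
        entry["findings"].add((ADVISORY_CVES[cve][0], cve))
    return hosts

def patch_queue(export_text):
    """Perimeter hosts with an initial-access CVE first, then by open CVE count."""
    def key(item):
        host, e = item
        entry_point = e["zone"] == "perimeter" and any(s == INITIAL for s, _ in e["findings"])
        return (not entry_point, -len(e["findings"]), host)
    ranked = sorted(triage(export_text).items(), key=key)
    return [(h, e["zone"], sorted(c for _, c in e["findings"])) for h, e in ranked]

if __name__ == "__main__":
    for host, zone, cves in patch_queue(SAMPLE_EXPORT):
        print(f"{host:28} {zone:10} {', '.join(cves)}")
```

Internal hosts stay in the queue on purpose: the post's point is that the ZeroLogon, NoPac and PrintNightmare fixes matter precisely because the perimeter can be breached.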
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to one more Telegram channel, @avleonovrus; I now write there first.