23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild

GreyNoise’s internet-wide telemetry identified exploitation activity for 23 CVEs, including high-severity flaws in Palo Alto Networks PAN-OS, Cisco IOS XE, and Microsoft Exchange Server. These vulnerabilities span enterprise software, security appliances, and widely deployed web applications, with several critical flaws exploited as recently as the past 24 hours. Juniper’s Junos OS vulnerabilities (CVE-2023-36845 and CVE-2023-36844) continue to be exploited through PHP variable manipulation, enabling remote code execution on EX Series switches. GreyNoise has confirmed active exploitation of 23 out of 62 vulnerabilities referenced in internal chat logs attributed to the Black Basta ransomware group. High-traffic web platforms remain vulnerable, with CVE-2023-22515 (Atlassian Confluence access control bypass) and CVE-2022-26134 (Confluence Server remote code execution) actively exploited. With ransomware groups increasingly automating vulnerability exploitation, continuous monitoring, and infrastructure hardening have become non-negotiable components of modern cybersecurity programs. Notably, CVE-2023-6875, a missing authorization vulnerability in the WordPress plugin “Post SMTP Mailer,” has seen exploitation despite lacking KEV designation, highlighting the limitations of static vulnerability lists. Network appliances from Palo Alto, Cisco, and Juniper dominate the exploited vulnerabilities list. Microsoft Exchange Server vulnerabilities CVE-2021-26855 (ProxyLogon) and CVE-2022-41082 persist in attacker playbooks, enabling mailbox infiltration and server compromise. These exploits frequently precede ransomware deployment, with attackers leveraging initial access to disable security tools and exfiltrate data. The findings underscore the persistent targeting of known vulnerabilities, even those absent from government advisories like CISA’s Known Exploited Vulnerabilities (KEV) catalog. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The leaked logs, initially compiled by cybersecurity firm VulnCheck, provided a rare window into the vulnerabilities prioritized by ransomware operators. CVE-2024-3400, a command injection flaw in Palo Alto’s PAN-OS, enables unauthenticated attackers to execute arbitrary code with root privileges. The ConnectWise ScreenConnect flaw (CVE-2024-1709) has become particularly prevalent, with attackers exploiting authentication bypasses to implant remote access trojans. The reappearance of CVE-2021-44228 (Log4Shell) in exploitation attempts underscores the challenge of eradicating this ubiquitous logging library vulnerability. The operational tempo of attackers remains alarming, with 12 CVEs exploited within the past 24 hours alone. Similarly, CVE-2023-20198 in Cisco IOS XE’s web UI has resurfaced as a prime target, allowing attackers to create privileged accounts and deploy malicious implants.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Feb 2025 04:05:38 +0000


Cyber News related to 23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild

More than $100 million in ransom paid to Black Basta gang over nearly 2 years - The Black Basta cybercrime gang has raked in at least $107 million in ransom payments since early 2022, according to research from blockchain security company Elliptic and Corvus Insurance. The group has infected more than 329 victim organizations ...
1 year ago Therecord.media FIN7 Black Basta
Black Basta Buster Utilizes Ransomware Flaw to Recover Files - Security research and consulting firm SRLabs exploited a vulnerability in the encryption algorithm of a specific strain of Black Basta ransomware to develop and release a decryptor tool named Black Basta Buster. This tool, released in response to the ...
1 year ago Heimdalsecurity.com FIN7 Black Basta
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
1 year ago Bleepingcomputer.com Carbanak FIN7 Qilin Black Basta
Black Basta's ransom haul tops $100M in less than 2 years - The Black Basta ransomware gang has raked in more than $100 million from victims of its double-extortion attacks since its emergence early last year, according to researchers. The haul - which included grabbing $9 million from one victim and more ...
1 year ago Packetstormsecurity.com LockBit Black Basta
New Black Basta decryptor exploits ransomware flaw to recover files - Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files for ...
1 year ago Bleepingcomputer.com Black Basta
Notorious Black Basta Tactics, Techniques and Procedures Uncovered From Leak - This security breach rivals the 2022 leaks that affected the Conti ransomware gang and has given threat intelligence experts valuable information about Black Basta’s capabilities, tools, and motivations. According to threat hunters at Intel471 ...
2 months ago Cybersecuritynews.com Black Basta Hunters
'Black Basta Buster' Exploits Ransomware Bug for File Recovery - Researchers have exploited a weakness in a particular strain of the Black Basta ransomware to release a decryptor for the malware, but it doesn't recover all of the files encrypted by the prolific cybercriminal gang. Security research and consulting ...
1 year ago Darkreading.com FIN7 Black Basta
Black Basta Ransomware Group Makes $100m Since 2022 - A prolific Russian-speaking ransomware group has made over $100m from dozens of victims since April 2022, new analysis has revealed. Corvus Insurance used the Elliptic Investigator blockchain forensics tool to lift the lid on the Black Basta group. ...
1 year ago Infosecurity-magazine.com Black Basta
Learn How to Decrypt Black Basta Ransomware Attack Without Paying Ransom - Researchers have created a tool designed to exploit a vulnerability in the Black Basta ransomware, allowing victims to recover their files without succumbing to ransom demands. This decryption tool potentially provides a remedy for individuals who ...
1 year ago Cysecurity.news FIN7 Black Basta
New Ransomware Threat Hits Hundreds of Organisations Worldwide - Until November 2023, this group with suspected ties to Russia has accumulated ransom payments totaling a minimum of $100 million from over 90 victims. In a recent joint report by the Cybersecurity and Infrastructure Security Agency and the Federal ...
1 year ago Cysecurity.news Black Basta
Black Basta ransomware gang's internal chat logs leak online - ExploitWhispers also shared information about some Black Basta ransomware gang members, including Lapa (one of the operation's admins), Cortes (a threat actor linked to the Qakbot group), YY (Black Basta's main administrator), and Trump (aka GG and ...
3 months ago Bleepingcomputer.com Black Basta
Toronto Public Library outages caused by Black Basta ransomware attack - The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across ...
1 year ago Bleepingcomputer.com Carbanak FIN7 Metaencryptor Black Basta
Hyundai Motor Europe hit by Black Basta ransomware attack - Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. BleepingComputer first learned of the attack in early January, but when we contacted Hyundai, ...
1 year ago Bleepingcomputer.com Black Basta
Windows Quick Assist abused in Black Basta ransomware attacks - Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks. Microsoft has been investigating this campaign since at least mid-April 2024, ...
1 year ago Bleepingcomputer.com Black Basta
Black Basta is latest ransomware group to be hit by leak of chat logs | The Record from Recorded Future News - The Black Basta ransomware group has become the latest criminal enterprise to be hit by a release of internal chat logs, potentially revealing identifying details about the individuals behind the scheme and their operations. Unlike previous ...
3 months ago Therecord.media Black Basta
BlackBastaGPT – A ChatGPT Powered Tool to Uncover Ransomware Group Tactics - Cyber Security News - The leaker reportedly acted in retaliation against Black Basta’s alleged targeting of Russian banks, mirroring the 2022 Conti leak that followed the group’s pro-Russia stance on the Ukraine invasion. The leak, attributed to an individual using ...
3 months ago Cybersecuritynews.com Black Basta
CISA: Black Basta ransomware breached over 500 orgs worldwide - CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. In a joint report published in collaboration with the Department of Health and Human Services and the Multi-State ...
1 year ago Bleepingcomputer.com LockBit Akira Black Basta
Microsoft Quick Assist Tool Abused for Ransomware Delivery - Cybercriminals who have been using the Black Basta ransomware have been observed abusing the remote management tool Quick Assist in vishing attacks, Microsoft reports. Active since 2022 and believed to have hit over 500 organizations globally, Black ...
1 year ago Packetstormsecurity.com Black Basta
SRLabs develops Black Basta ransomware decryptor - Researchers released a decryptor to help the numerous victims of one of 2023's most prolific double-extortion ransomware gangs, Black Basta, restore their compromised files for free. Black Basta is believed to have attacked well over 300 ...
1 year ago Packetstormsecurity.com Black Basta
Black Hat Europe 2023 Closes on Record-Breaking Event in London - PRESS RELEASE. LONDON, Dec. 20, 2023 - Black Hat, the cybersecurity industry's most established and in-depth security event series, today announced the successful completion of the in-person component of Black Hat Europe 2023. The event welcomed more ...
1 year ago Darkreading.com
Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs - Simply parsing through the logs may not always give you a complete picture either. This blog post will walk through the steps I have taken to build a bigger picture to make an attack observation, briefly going over various attacks such as malicious ...
1 year ago Isc.sans.edu
Black Basta Ransomware Attack Edge Network Devices With Automated Brute Force Attacks - After gaining initial access through compromised edge devices, Black Basta actors follow a structured attack chain deploying post-exploitation frameworks like Cobalt Strike or Brute Ratel to establish command-and-control channels, extract ...
2 months ago Cybersecuritynews.com Black Basta
23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild - GreyNoise’s internet-wide telemetry identified exploitation activity for 23 CVEs, including high-severity flaws in Palo Alto Networks PAN-OS, Cisco IOS XE, and Microsoft Exchange Server. These vulnerabilities span enterprise software, security ...
3 months ago Cybersecuritynews.com CVE-2023-36845 CVE-2023-36844 CVE-2023-22515 CVE-2022-26134 CVE-2023-6875 CVE-2021-26855 CVE-2022-41082 CVE-2024-3400 CVE-2024-1709 CVE-2021-44228 CVE-2023-20198 Black Basta
Flaw in Black Basta Ransomware Exploited to Create Decryptor - Researchers at cybersecurity firm Security Research Labs exploited a flaw found in the algorithm of a ransomware variant used by the high-profile threat group Black Basta to develop a decryptor that can help some victims recover their encrypted ...
1 year ago Securityboulevard.com Black Basta
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
1 year ago Bleepingcomputer.com LockBit Inc ransom Black Basta