Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day
June 12, 2024, 1:31 p.m.
Description
Recent analysis by a cybersecurity firm suggests that a ransomware group might have exploited a Windows privilege escalation vulnerability, CVE-2024-26169, before it was patched. The vulnerability, which was addressed in March 2024, could allow attackers to elevate their privileges. Evidence from an exploit tool deployed in attempted attacks resembles tactics used by the Cardinal cybercrime group, known for operating the Black Basta ransomware. The tool's compilation timestamps predate the vulnerability's patching, indicating it was potentially leveraged as a zero-day.
Date
Published: June 12, 2024, 1:01 p.m.
Created: June 12, 2024, 1:01 p.m.
Modified: June 12, 2024, 1:31 p.m.
Indicators
Attack Patterns
Black Basta - S1070
QakBot - S0650
T1137
T1567
T1489
T1574
T1105
T1055
T1569
T1499
T1566
T1133
T1078
T1068
T1003
T1059
CVE-2024-26169