BlackBasta

Also known as: BlackBasta

Introduction

Black Basta is a ransomware strain first observed in April 2022, though it appears to have been in development since at least early February 2022. Given how quickly the group amassed new victims and the style of its negotiations, it is likely not a new operation but a rebrand of a previous top-tier ransomware gang that brought its affiliates along.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No separately curated network indicators or file hashes are listed for this actor. Known exploited vulnerabilities appear in the CISA Known Exploited Vulnerabilities (KEV) section below.

Malware and Tools

  • BlackEnergy
  • BLACKCOFFEE
  • Blackshades
  • BlackNix
  • BlackHole

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.

CISA Known Exploited Vulnerabilities (KEV)

The following CVEs, all listed in the CISA KEV catalog, are known to have been exploited by this actor.

CVE ID            Vendor              Product                                     Date Added
CVE-2024-23113    Fortinet            Multiple Products                           2024-10-09
CVE-2024-26169    Microsoft           Windows                                     2024-06-13
CVE-2024-1086     Linux               Kernel                                      2024-05-30
CVE-2024-3400     Palo Alto Networks  PAN-OS                                      2024-04-12
CVE-2024-21762    Fortinet            FortiOS                                     2024-02-09
CVE-2023-22515    Atlassian           Confluence Data Center and Server           2023-10-05
CVE-2023-3519     Citrix              NetScaler ADC and NetScaler Gateway         2023-07-19
CVE-2022-41082    Microsoft           Exchange Server                             2022-09-30
CVE-2022-41040    Microsoft           Exchange Server                             2022-09-30
CVE-2022-27925    Synacor             Zimbra Collaboration Suite (ZCS)            2022-08-11
CVE-2022-30190    Microsoft           Windows                                     2022-06-14
CVE-2022-26134    Atlassian           Confluence Server/Data Center               2022-06-02
CVE-2022-30525    Zyxel               Multiple Firewalls                          2022-05-16
CVE-2022-1388     F5                  BIG-IP                                      2022-05-10
CVE-2021-42287    Microsoft           Active Directory                            2022-04-11
CVE-2021-42278    Microsoft           Active Directory                            2022-04-11
CVE-2021-40444    Microsoft           MSHTML                                      2021-11-03