
Ransomware access playbook: Insights from Black Basta’s leaked logs

In the logs, a number of vulnerabilities were highlighted, some of which are older but still prevalent in cyber attacks. One such vulnerability is the CVE-2022-30190 flaw in Microsoft Office’s remote template feature, commonly referred to as the Follina flaw, which has been exploited through malicious Word attachments. Additionally, other well-known vulnerabilities mentioned include Log4Shell (CVE-2021-44228), Spring4Shell (CVE-2022-22965), and ProxyNotShell (CVE-2022-41028, CVE-2022-41040).

The communication logs also revealed that Black Basta is quick to discuss newly released vulnerabilities, some of which they seemed to have knowledge of even prior to their official publication. Examples of these vulnerabilities include Fortinet FortiOS (CVE-2024-23113), Bricks Builder WordPress Theme (CVE-2024-25600), and Exim Email (CVE-2023-42115).

Furthermore, the VulnCheck researchers found that members of Black Basta wasted no time in discussing vulnerabilities related to various products such as Citrix NetScaler, Check Point Quantum Security Gateways, ConnectWise ScreenConnect, Microsoft Office Outlook, Fortinet FortiSIEM, Palo Alto Networks PAN-OS, Atlassian Confluence Server and Data Center, Cisco IOS XE Web UI, Microsoft Windows, GitLab CE/EE, and Fortinet FortiOS shortly after new security advisories were issued.

These discussions shed light on the depth of knowledge and the level of preparedness of threat actors like Black Basta in exploiting vulnerabilities to carry out cyber attacks. That they appear to have known of some vulnerabilities before official publication indicates a high level of sophistication and access to insider information.

The use of such vulnerabilities in cyber attacks poses a significant threat to organizations and individuals alike. By leveraging these flaws in various software products and services, threat actors can gain unauthorized access, steal sensitive information, disrupt operations, and cause financial and reputational damage.

It is imperative for organizations to stay vigilant, keep their software up to date, and implement robust security measures to protect against potential cyber attacks exploiting these vulnerabilities. Additionally, collaboration with security researchers and threat intelligence groups can help in identifying, mitigating, and preventing threats posed by actors like Black Basta.

In conclusion, the leaked communication logs, and the vulnerability discussions they contain, underscore the ongoing arms race in the cybersecurity landscape. As new vulnerabilities are discovered and exploited by malicious actors, it is crucial for defenders to be proactive in addressing these threats to safeguard their digital assets and data from potential breaches and compromise.
