Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day
Recent analysis by a cybersecurity firm suggests that a ransomware group might have exploited a Windows privilege escalation vulnerability CVE-2024-26169 before it was patched. The vulnerability which was addressed in March 2024 could allow attackers to elevate their privileges. Evidence from an exploit tool deployed in attempted attacks resembles tactics used by the Cardinal cybercrime group known for operating the Black Basta ransomware. The tools compilation timestamps predate the vulnerabilitys patching indicating it was potentially leveraged as a zero-day.