Black Basta ransomware operators are exploiting “PrintNightmare”, “ZeroLogon” and “NoPac” Flaws

New data uncovered by researchers at SentinelOne shows that the notorious, financially motivated FIN7 threat group may be behind, or at least has strong ties to, the Black Basta ransomware operation.

Why that matters: FIN7 has a record going back to at least 2012 and has looted more than $1.2 billion from victims around the world over its 10-year cybercrime career. Its victims have included numerous well-known companies such as Saks, Arby’s, Chipotle and Hudson’s Bay Brands. The group has survived multiple attempts to take it down: not even the arrest of three of its members, and the subsequent jailing of one of them in the US, has slowed the operation.

Its involvement in the Black Basta operation means the ransomware campaign is being carried out by a highly professional, well-resourced advanced persistent threat actor. Black Basta surfaced in April 2022 and is already one of the biggest ransomware threats.

How to mitigate exposure: SentinelOne’s research showed that Black Basta operators are exploiting several critical and well-known vulnerabilities: the PrintNightmare remote code execution vulnerability (CVE-2021-34527) in the Windows Print Spooler; the ZeroLogon privilege escalation flaw (CVE-2020-1472) in the Windows Netlogon Remote Protocol; and the “NoPac” exploit, which chains two critical Active Directory flaws, CVE-2021-42278 (sAMAccountName spoofing) and CVE-2021-42287 (KDC PAC confusion). All three have had patches available for a year or more. Black Basta operators use them to escalate privileges and obtain domain administrator-level access inside breached environments, so applying the patches, and disabling the Print Spooler service on domain controllers, directly reduces exposure.
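A quick way to verify the hardening state for the three vulnerability classes named above is the PowerShell script below. It is an added example, not code from SentinelOne or from the Black Basta report; it only reads configuration and does not change anything. It assumes it is run in an elevated session on a domain controller with the RSAT ActiveDirectory module installed, and it relies on Microsoft's documented mitigation knobs: the Spooler service state and Point-and-Print policy values for PrintNightmare, the Netlogon `FullSecureChannelProtection` value and Netlogon event 5829 for ZeroLogon, and `ms-DS-MachineAccountQuota` plus the KDC `PacRequestorEnforcement` value for NoPac. Computer accounts whose sAMAccountName lacks the trailing `$` are flagged because the public NoPac exploit renames a machine account to a domain controller's name without it.

```powershell
#Requires -Modules ActiveDirectory
# Added exposure check (not from the SentinelOne report). Run elevated on a
# domain controller; read-only. Every registry path/value below is a documented
# Microsoft setting, the interpretation in 'Expect' is this script's own.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is missing instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Test-BlackBastaExposure {
    $findings = @()

    # 1. PrintNightmare (CVE-2021-34527): Spooler should be off on DCs and
    #    Point-and-Print must not let non-admins install printer drivers.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Check  = 'Print Spooler service on this DC'
        Value  = if ($spooler) { "$($spooler.Status) / $($spooler.StartType)" } else { 'not installed' }
        Expect = 'Stopped / Disabled'
    }
    $pnp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $findings += [pscustomobject]@{
        Check  = 'PointAndPrint\RestrictDriverInstallationToAdministrators'
        Value  = Get-RegValue $pnp 'RestrictDriverInstallationToAdministrators'
        Expect = '1 (absent is also 1 on a host patched since Aug 2021)'
    }
    $findings += [pscustomobject]@{
        Check  = 'PointAndPrint\NoWarningNoElevationOnInstall'
        Value  = Get-RegValue $pnp 'NoWarningNoElevationOnInstall'
        Expect = '0 or absent'
    }

    # 2. ZeroLogon (CVE-2020-1472): event 5829 means a vulnerable Netlogon
    #    secure channel was still ALLOWED, i.e. the DC is not enforcing.
    $allowed = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Microsoft-Windows-Netlogon'; Id = 5829
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Check  = 'Netlogon event 5829 (vulnerable secure channel allowed)'
        Value  = if ($allowed) { "seen, last at $($allowed.TimeCreated)" } else { 'none' }
        Expect = 'none'
    }
    $findings += [pscustomobject]@{
        Check  = 'Netlogon\Parameters\FullSecureChannelProtection'
        Value  = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' 'FullSecureChannelProtection'
        Expect = '1, or absent on a DC patched past the Feb 2021 enforcement phase'
    }

    # 3. NoPac (CVE-2021-42278 + CVE-2021-42287): the public exploit needs to
    #    create a machine account, so a quota of 0 removes that foothold, and
    #    PacRequestorEnforcement=2 makes the KDC reject the spoofed PAC.
    $domainDn = (Get-ADDomain).DistinguishedName
    $quota = (Get-ADObject -Identity $domainDn -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
    $findings += [pscustomobject]@{
        Check  = 'ms-DS-MachineAccountQuota'
        Value  = $quota
        Expect = '0 (default 10 lets any domain user add computer accounts)'
    }
    $findings += [pscustomobject]@{
        Check  = 'Kdc\PacRequestorEnforcement'
        Value  = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc' 'PacRequestorEnforcement'
        Expect = '2 (enforcement); 0 disables the CVE-2021-42287 fix'
    }
    # A computer object whose sAMAccountName has no trailing '$' is the
    # artefact the NoPac rename step leaves behind.
    $odd = Get-ADComputer -Filter * -Properties SamAccountName |
        Where-Object { $_.SamAccountName -notlike '*$' }
    $findings += [pscustomobject]@{
        Check  = 'Computer accounts without trailing $ in sAMAccountName'
        Value  = if ($odd) { $odd.SamAccountName -join ', ' } else { 'none' }
        Expect = 'none'
    }

    return $findings
}

Test-BlackBastaExposure | Format-Table -AutoSize -Wrap
```

Run it on every domain controller, not just one: the Spooler state and the Netlogon and KDC registry values are per-host, while the machine account quota and the sAMAccountName scan are domain-wide. A `5829` hit or a `PacRequestorEnforcement` of `0` is worth treating as an incident indicator rather than a configuration gap, since both are the conditions the attackers are relying on.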

In many intrusions, Black Basta operators have used initial access obtained through the Qakbot trojan to conduct reconnaissance on the breached network. Qakbot operators are known to sell access to compromised networks to Black Basta.

Other tools in their kit include a custom build of the free AdFind utility for enumerating a domain’s Active Directory environment, WMI, and the SoftPerfect network scanner.

For more:

Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor