Created on 2025-02-28 23:49 and updated on 2025-03-01 00:04.

Description

Leaked ransomware chat logs reveal Black Basta’s targeted CVEs.

On February 11, 2025, a major leak exposed BLACKBASTA's internal Matrix chat logs. The leaker claimed they released the data because the group was targeting Russian banks. This leak closely resembles the previous Conti leaks.

Cybercrime group focused on Microsoft vulnerabilities as well as flaws in network edge devices and communications software.

We have sightings from MISP and The Shadowserver fundation related to the rejected CVE:

• CVE-2024-21683
• ghsa-vr88-2hv2-5jvf

Vulnerabilities included in this bundle

• CVE-2023-4966: Unauthenticated sensitive information disclosure
• CVE-2024-27198:
• CVE-2024-25600:
• CVE-2022-22965:
• CVE-2023-7028:
• CVE-2024-21378:
• CVE-2021-44228:
• CVE-2021-42321:
• CVE-2023-36874:
• CVE-2023-36394:
• CVE-2021-26855:
• CVE-2017-5753:
• CVE-2023-35628:
• CVE-2024-21762:
• CVE-2023-42793:
• CVE-2022-1388:
• CVE-2024-1708:
• CVE-2023-3519:
• CVE-2022-37969:
• CVE-2023-42115:
• CVE-2023-36844:
• CVE-2023-36845:
• CVE-2024-23108:
• CVE-2024-23113:
• CVE-2023-36884:
• CVE-2022-41352:
• CVE-2023-21716:
• CVE-2024-3400:
• CVE-2024-1086:
• CVE-2024-23897:
• CVE-2023-38831:
• CVE-2023-3467:
• CVE-2023-23397:
• CVE-2022-27925:
• CVE-2017-11882:
• CVE-2022-41082:
• CVE-2021-28482:
• CVE-2023-20198:
• CVE-2024-21338:
• CVE-2022-37042:
• CVE-2021-42287:
• CVE-2017-5754:
• CVE-2024-21683:
• CVE-2023-7027:
• CVE-2024-24919:
• CVE-2024-21413:
• CVE-2023-3466:
• CVE-2023-22515:
• CVE-2024-1709:
• CVE-2022-41040:
• CVE-2022-0609:
• CVE-2024-23109:
• CVE-2020-1472:
• CVE-2023-6875:
• CVE-2022-30190:
• CVE-2023-36745:
• CVE-2021-42278:
• CVE-2024-26169:
• CVE-2022-26134:
• CVE-2021-40444:
• CVE-2022-30525:
• CVE-2023-29357:
• GHSA-vr88-2hv2-5jvf:

Author

Cédric Bonhomme

---

Combined sightings