Feb 26, 2025 • GreyNoise Blog
GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
Executive Summary
GreyNoise has identified active exploitation of vulnerabilities previously discussed in leaked chat logs from the Black Basta ransomware group. Analysis reveals that 23 out of 62 CVEs mentioned in the logs are currently being exploited in the wild, with some activity observed within the last 24 hours. A significant finding involves CVE-2023-6875, which is actively targeted despite being absent from CISA's Known Exploited Vulnerabilities catalog. This discrepancy highlights the critical need for organizations to rely on real-time threat intelligence rather than static vulnerability lists alone. The exposure indicates an elevated risk of ransomware attacks leveraging these specific weaknesses. Immediate patching of the identified CVEs is recommended to mitigate potential compromise. Security teams should enhance monitoring for exploitation attempts related to Black Basta's known tactics to prevent initial access and subsequent impact on critical infrastructure.
Summary
Ransomware group Black Basta’s chat logs were leaked, revealing 62 mentioned CVEs (Source: VulnCheck). GreyNoise identified 23 of these CVEs as actively exploited, with some targeted in the last 24 hours. Notably, CVE-2023-6875 is being exploited despite not appearing in CISA’s KEV catalog — reinforcing the need for real-time intelligence beyond static lists.
Linked Entities
- Black Basta
- CVE-2023-6875