Medium
In February 2024, ConnectWise disclosed serious vulnerabilities (CVE-2024-1708 and CVE-2024-1709) in its ScreenConnect software, versions 23.9.7 and earlier, that allow unauthorized access and control. Exploitation of these flaws has led to ransomware attacks, causing significant disruptions. ConnectWise has released critical security patches and urges customers to update to the latest version to mitigate risks. Black Basta, among other groups, exploited these vulnerabilities, deploying Cobalt Strike beacons for reconnaissance and privilege escalation. Another group, utilizing Cobalt Strike payloads, attempted to disable Windows Defender to evade detection. Additionally, the Bl00dy Ransomware group, using leaked builders from Conti and LockBit Black, capitalized on these vulnerabilities, identifying themselves through ransom notes.

The Trellix Threat Intelligence Group (TIG) gathers and analyzes information from multiple open and closed sources before disseminating intelligence reports. This campaign was researched by Trend Micro and shared publicly at https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html
Detection rate is the number of artifact detections reported by McAfee global sensors for this threat over 8 days.