Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPhish
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- Lacework
- FortiAppSec Cloud
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiRecon
FortiRecon is a digital risk protection (DRP) service that allows customers to gain visibility of their digital attack surface, receive targeted threat intelligence, and reduce organisational risk.
- Fortinet Community
- Knowledge Base
- FortiRecon
- Outbreak Alert: Black Basta Ransomware
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
|
FortiRecon Digital Risk Protection (DRP), a SaaS-based service, includes External Attack Surface Management, Brand Protection, and Adversary Centric Intelligence.
Adversary Centric Intelligence (ACI): leverages FortiGuard Threat Analysis to provide comprehensive coverage of dark web, open-source, and technical threat intelligence, including threat actor insights to enable organizations to respond proactively assess risks, respond faster to incidents, better understand their attackers, and guard assets.
Ransomware Intelligence Module under Adversary Centric Intelligence (ACI) provides insights into Ransomware Groups and their victims, which enables organizations to monitor supply chain risk and better understand the ransomware landscape.
|
|
| Adversary | BlackBasta Ransomware |
| Description | Black Basta is a RaaS program that emerged in April 2022 with ransomware samples dating back to February 2022. Current intelligence indicates that Black Basta emerged from the crumbled ashes of the Conti operation. The ransomware is written in the C++ programming language and supports Windows and Linux operating systems. Black Basta operators use the double extortion scheme threatening victim organizations with leaking exfiltrated data on the threat group's TOR-based web site Basta News should the victims not pay ransom. |
| Exploited Vulnerabilities |
|
| ACI Reporting Coverage | 17 (TECHINT, OSINT) |
| Additional Information |
|
| CVE ID | CVE-2024-1709 |
| CVE Title | ConnectWise ScreenConnect Authentication Bypass Vulnerability |
| NVD Severity | Critical |
| FortiRecon Severity | Critical |
| FortiRecon Score | 92/100 |
| Exploited | Yes |
| Exploited by Ransomware Group(s) | Yes (BlackBasta Ransomware) |
| Exploited by APT Group(s) | Yes (unc5174, kimsuky) |
| Included in CISA KEV List | Yes |
| Available working exploit(s) | 1 |
| Available POC exploit(s) | 4 |
| Darknet Mention(s) | 2 (cronos) |
| Telegram Mention(s) | 1 (APT Iran) |
| FortiRecon Intelligence Reporting(s) | 7 (OSINT, TECHINT) |
| Social Media Mention(s) | 7 |
| EASM Scanner | No |
| CVE ID | CVE-2024-1708 |
| CVE Title | ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. |
| NVD Severity | HIGH |
| FortiRecon Severity | CRITICAL |
| FortiRecon Score | 92/100 |
| Exploited | Yes |
| Exploited by Ransomware Group(s) | Yes (black basta ransomware operators, lockbit, bl00dy ransomware operators) |
| Exploited by APT Group(s) | Yes (unc5174, kimsuky) |
| Included in CISA KEV List | No |
| Available working exploit(s) | 1 |
| Available POC exploit(s) | 2 |
| Darknet Mention(s) | 0 |
| Telegram Mention(s) | 1 (مرکز تحقیقاتی APT IRAN) |
| FortiRecon Intelligence Reporting(s) | 7 (Technical Intelligence, Media Trends, HUMINT) |
| Social Media Mention(s) | 6 |
| EASM Scanner | No |
| CVE ID | CVE-2022-30190 |
| CVE Title | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability |
| NVD Severity | HIGH |
| FortiRecon Severity | CRITICAL |
| FortiRecon Score | 95/100 |
| Exploited | Yes |
| Exploited by Ransomware Group(s) | Yes (BlackBasta Ransomware) |
| Exploited by APT Group(s) | Yes (apt28, ta413, uac-0098, uac-0113, unc33471) |
| Included in CISA KEV List | Yes |
| Available working exploit(s) | 3 |
| Available POC exploit(s) | 0 |
| Darknet Mention(s) | 4 (cryptbb, xss) |
| Telegram Mention(s) | 24 (WARLOCK DARK ARMY, Exploit Service, مرکز تحقیقاتی APT IRAN, Termux Israel, Волосатый бублик, ARVIN, Pwncore.co [ Ex Pwnd! ], DragonForce Malaysia, vx-underground, FCP) |
| FortiRecon Intelligence Reporting(s) | 32 (Darknet, Technical Intelligence, OSINT) |
| Social Media Mention(s) | 28 |
| EASM Scanner | No |
| CVE ID | CVE-2022-41091 |
| CVE Title | Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability |
| NVD Severity | MEDIUM |
| FortiRecon Severity | HIGH |
| FortiRecon Score | 70/100 |
| Exploited | Yes |
| Exploited by Ransomware Group(s) | Yes (blackbasta ransomware operators) |
| Exploited by APT Group(s) | No |
| Included in CISA KEV List | Yes |
| Available working exploit(s) | 0 |
| Available POC exploit(s) | 0 |
| Darknet Mention(s) | 0 |
| Telegram Mention(s) | 0 |
| FortiRecon Intelligence Reporting(s) | 2 (Technical Intelligence) |
| Social Media Mention(s) | 503 |
| EASM Scanner | No |
| CVE ID | CVE-2021-42278 |
| CVE Title | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability |
| NVD Severity | HIGH |
| FortiRecon Severity | HIGH |
| FortiRecon Score | 78/100 |
| Exploited | Yes |
| Exploited by Ransomware Group(s) | Yes (BlackBasta Ransomware) |
| Exploited by APT Group(s) | No |
| Included in CISA KEV List | Yes |
| Available working exploit(s) | 0 |
| Available POC exploit(s) | 12 |
| Darknet Mention(s) | 1 (breachforums) |
| Telegram Mention(s) | 10 (Exploit Service, club1337, Волосатый бублик, Ralf Hacker Channel, Zer0Day Lab) |
| FortiRecon Intelligence Reporting(s) | 2 (Technical Intelligence, OSINT) |
| Social Media Mention(s) | 18 |
| EASM Scanner | No |
| CVE ID | CVE-2021-34527 |
| CVE Title | Microsoft Windows Print Spooler Remote Code Execution Vulnerability |
| NVD Severity | HIGH |
| FortiRecon Severity | CRITICAL |
| FortiRecon Score | 92/100 |
| Exploited | Yes |
| Exploited by Ransomware Group(s) | Yes (Magniber ransomware, BlackBasta Ransomware, Vice society ransomware , V-society, Conti ransomware operators) |
| Exploited by APT Group(s) | Yes (Unknown) |
| Included in CISA KEV List | Yes |
| Available working exploit(s) | 1 |
| Available POC exploit(s) | 35 |
| Darknet Mention(s) | 0 |
| Telegram Mention(s) | 11 (Exploit Service, مرکز تحقیقاتی APT IRAN, club1337, Волосатый бублик, Freedom F0x, Кардинг | Пластик) |
| FortiRecon Intelligence Reporting(s) | 16 (Darknet, Technical Intelligence, Media Trends) |
| Social Media Mention(s) | 26 |
| EASM Scanner | No |
| CVE ID | CVE-2021-42287 |
| CVE Title | Active Directory Domain Services Elevation of Privilege Vulnerability |
| NVD Severity | High |
| FortiRecon Severity | Critical |
| FortiRecon Score | 91 |
| Exploited | Yes |
| Exploited by Ransomware Group(s) | Yes (BlackBasta Ransomware) |
| Exploited by APT Group(s) | No |
| Included in CISA KEV List | Yes |
| Available working exploit(s) | 0 |
| Available POC exploit(s) | 11 |
| Darknet Mention(s) | 0 |
| Telegram Mention(s) | 10 (Exploit Service, club1337, Волосатый бублик, Ralf Hacker Channel, Zer0Day Lab) |
| FortiRecon Intelligence Reporting(s) | 2 (Technical Intelligence, OSINT) |
| Social Media Mention(s) | 18 |
| EASM Scanner | No |
| CVE ID | CVE-2020-1472 |
| CVE Title | Microsoft Netlogon Privilege Escalation Vulnerability |
| NVD Severity | MEDIUM |
| FortiRecon Severity | High |
| FortiRecon Score | 80/100 |
| Exploited | Yes |
| Exploited by Ransomware Group(s) | Yes (BlackBasta Ransomware, Industrial spy ransomware operators, Cuba ransomware operators, Ryuk ransomware operators, Conti ransomware operators) |
| Exploited by APT Group(s) | Yes (apt15, apt10) |
| Included in CISA KEV List | Yes |
| Available working exploit(s) | 3 |
| Available POC exploit(s) | 68 |
| Darknet Mention(s) | 24 (xss, 90sec, exploit, ramp) |
| Telegram Mention(s) | 24 (Exploit Service, club1337, Волосатый бублик, Freedom F0x, Egyptian Hackers, Ralf Hacker Channel, Хакер {Hacker}, ANTICHAT Channel) |
| FortiRecon Intelligence Reporting(s) | 28 (TECHINT, OSINT, DARKNET) |
| Social Media Mention(s) | 67 |
| EASM Scanner | No |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.