Clop ransomware lists victims of Cleo cyber attacks
- Hackers have recently been spotted exploiting a flaw in multiple Cleo software tools
- The Cl0p ransomware gang took responsibility for the attack
- The group has started listing victims on its website
Prolific ransomware threat actor Cl0p has listed partial names of some of the companies it successfully targeted through bugs in Cleo software. This is likely part of its pressure tactics, as it tries to extort money from its victims.
In early December this year, news broke that multiple managed file transfer tools from a single developer, Cleo Software, were being exploited to carry out attacks and possibly steal data. At the time, cybersecurity researchers at Huntress claimed that LexiCom, VLTrader, and Harmony were all vulnerable to CVE-2024-50623, an unrestricted file upload and download vulnerability that could lead to remote code execution.
Cleo is said to have released a patch in October that did not fully resolve the problem, leaving the door open to hackers. Huntress alone said it had observed at least 24 victims. At the time, investigators were unable to attribute the attack to a specific group because the evidence was inconclusive, but it wasn’t long before Cl0p came forward to claim responsibility.
Listing victims
For those who don’t know, Cl0p is a threat actor best known for exploiting flaws in MOVEit, another managed file transfer tool. That attack resulted in thousands of organizations being breached and the sensitive data of millions of people being stolen.
Now, TechCrunch has reported that the group took credit for stealing data from at least 66 companies by listing their partial names on its website. The gang apparently said it would soon reveal the full names of its victims.
“Victim organizations to date include several consumer products companies, logistics and shipping organizations, and food suppliers,” Huntress said at the time.
Shortly after Huntress’ announcement, the US Cybersecurity and Infrastructure Security Agency (CISA) added the Cleo bug to the Known Exploited Vulnerabilities (KEV) catalog, confirming the findings and giving federal agencies three weeks to fix the tools or stop using them completely.
Via TechCrunch