Cleo data theft incident claimed by the Clop ransomware group

December 17, 2024
Tags: Cleo, Data Theft, Clop Ransomware, Hacking Campaign, Managed File Transfer System

The notorious Clop ransomware group recently confirmed that it is one of the perpetrators of the Cleo data theft campaign.

The incident is a malicious campaign that used zero-day exploits to break into business networks and steal data. The affected vendor is the developer of the managed file transfer products Cleo Harmony, VLTrader, and LexiCom.

The campaign may significantly impact businesses that use these systems to exchange files securely with their partners and customers. In October, the company had already addressed the vulnerability, CVE-2024-50623, which allowed unrestricted file uploads and downloads and could lead to remote code execution.

However, an assessment of the fix revealed that it was insufficient, and threat actors actively used a bypass to carry out data theft attacks. After exploiting the vulnerability, the threat actors also uploaded a Java backdoor that enabled them to steal data, execute commands, and extend their access within the compromised network.

Last week, CISA confirmed that the CVE-2024-50623 bug in Cleo Harmony, VLTrader, and LexiCom file transfer software was exploited in ransomware attacks. Still, the affected vendor has never officially acknowledged that the original weakness it believed it had fixed in October was exploited.


Clop has taken responsibility for the Cleo data theft attacks.


The Cleo data theft attacks were initially attributed to a new ransomware gang called Termite. However, the data theft operations were more consistent with earlier attacks orchestrated by the Clop ransomware group.

Following inquiries last week, the ransomware gang confirmed that it was responsible for the ongoing exploitation of the Cleo vulnerability.

The extortion group has also claimed that it will delete data from previous attacks from its data leak site and will only deal with new organisations breached during the Cleo attacks.

The Clop ransomware gang declined to say how many organisations were affected or whether it is linked to the Termite ransomware gang. Cleo has yet to confirm whether the group was responsible for exploiting its vulnerabilities to carry out the data theft operations.
