Clop Gang Strikes Again: Zero-Day Exploit Used in Massive Cleo Data Breach

Clop Ransomware Gang Claims Responsibility for Cleo Data Breaches

The notorious Clop ransomware gang has officially claimed responsibility for recent cyber attacks targeting Cleo’s file transfer platforms. The attacks exploited a critical vulnerability (CVE-2024-50623) in Cleo’s managed file transfer solutions: Harmony, VLTrader, and LexiCom.

The Breach Timeline:
– October 2023: Cleo attempted to patch a vulnerability allowing unauthorized file access
– Recent discovery: Cybersecurity firm Huntress found the patch was incomplete
– Attackers exploited the remaining weakness to deploy Java backdoors, enabling data theft and further network infiltration

Attack Methodology:
The threat actors utilized zero-day exploits to:
– Gain unauthorized system access
– Upload malicious backdoors
– Execute remote commands
– Steal sensitive data

Clop’s Track Record:
The gang has a history of targeting file transfer platforms:
– 2020: Accellion FTA breach (100+ organizations affected)
– 2021: SolarWinds Serv-U FTP exploitation
– 2023: GoAnywhere MFT attack (100+ companies)
– 2023: MOVEit Transfer platform breach (2,773 organizations impacted)

Current Status:
– Clop announced deletion of previous attack data
– Focus shifted to new victims from Cleo attacks
– Exact number of affected organizations remains unknown
– U.S. State Department offers $10 million bounty for information linking Clop to foreign governments

The incident highlights the ongoing vulnerability of file transfer systems and the sophisticated nature of modern ransomware operations.