The notorious Clop ransomware gang has officially claimed responsibility for recent cyber attacks targeting Cleo’s file transfer platforms. The attacks exploited a critical vulnerability (CVE-2024-50623) in Cleo’s managed file transfer solutions: Harmony, VLTrader, and LexiCom.
The Breach Timeline:
– October 2023: Cleo attempted to patch a vulnerability allowing unauthorized file access
– Recent discovery: Cybersecurity firm Huntress found the patch was incomplete
– Attackers exploited the weakness to deploy Java backdoors, enabling data theft and network infiltration
Attack Methodology:
The threat actors used zero-day exploits to:
– Gain unauthorized system access
– Upload malicious backdoors
– Execute remote commands
– Steal sensitive data
Clop’s Track Record:
The gang has a history of targeting file transfer platforms:
– 2020: Accellion FTA breach (100+ organizations affected)
– 2021: SolarWinds Serv-U FTP exploitation
– 2023: GoAnywhere MFT attack (100+ companies)
– 2023: MOVEit Transfer platform breach (2,773 organizations impacted)
Current Status:
– Clop announced deletion of previous attack data
– Focus shifted to new victims from Cleo attacks
– Exact number of affected organizations remains unknown
– U.S. State Department offers $10 million bounty for information linking Clop to foreign governments
The incident highlights the ongoing vulnerability of file transfer systems and the sophisticated nature of modern ransomware operations.