Cybercriminals Claim to Have Breached 66 Companies
The Clop cybercriminal group has issued threats to publicly disclose the identities of 66 companies allegedly compromised in a widespread hack targeting managed file transfer software developed by Cleo Communications.
Operating under the alias Cl0p, this ransomware extortion organization, believed to be based in Russia, recently claimed responsibility for large-scale attacks on several managed file transfer platforms, including Harmony, VLTrader, and LexiCom, all created by Cleo, which is headquartered in Rockford, Illinois. This follows a prior announcement detailing exploits utilized against Cleo’s software.
In a December 24 update posted on their dark web leak site, Clop stated that they possess data related to numerous Cleo clients and indicated their intention to release the names of at least 66 affected companies within a 48-hour period. The group reports that they are actively reaching out to the companies involved, providing them with extortion demands after having already leaked the initial five letters of their names.
Cleo had already released an urgent patch on December 11 after detecting signs of extensive exploitation. Attackers appear to be leveraging an unrestricted file upload vulnerability tracked as CVE-2024-50623. An earlier patch issued in October was apparently insufficient to stop these attacks. Reports from Rapid7 suggest that the attackers may also have used a new file-write vulnerability, CVE-2024-55956, which allowed them to manipulate the targeted systems and obtain the credentials needed to execute malware remotely.
Cleo has urged its customers to apply the latest security updates promptly.
It is still uncertain how long the attackers have been exploiting these vulnerabilities. According to Arctic Wolf, “The campaign began on December 7 and is ongoing as of the time of this article’s publication.”
Clop has previously demonstrated expertise in mass exploitation of file transfer software. Notably, they executed a sophisticated attack against MOVEit software over Memorial Day weekend in 2023, impacting over 2,770 organizations and compromising data for over 95 million individuals, as reported by security firm Emsisoft. Earlier in the same year, Clop was also responsible for a major breach of Fortra’s GoAnywhere MFT software, leveraging zero-day vulnerabilities. In December 2020, they exploited similar flaws to target the Accellion File Transfer Appliance, leading to global incidents.