The Clop ransomware gang has intensified its extortion tactics following a data theft attack targeting Cleo software. On its dark web portal, the group revealed that 66 companies have been given 48 hours to meet their ransom demands.
According to Clop, the affected companies are being contacted directly with links to secure chat channels for negotiating ransom payments. Additionally, the hackers have provided email addresses for victims to initiate communication.
A notice on Clop’s data leak site lists partial names of 66 companies that have yet to engage in negotiations. The gang has threatened to reveal the full names of these companies if they continue to ignore the demands, implying that the actual number of affected organizations might be higher.
Clop exploited a zero-day vulnerability in Cleo LexiCom, VLTrader, and Harmony products to access data from compromised networks. This attack marks another significant breach for the ransomware group, known for targeting zero-day flaws in platforms like Accellion FTA, GoAnywhere MFT, and MOVEit Transfer in previous campaigns.
The vulnerability exploited in the Cleo software, tracked as CVE-2024-50623, allows remote attackers to upload and download files without restriction, enabling remote code execution. A fix is available in Cleo Harmony, VLTrader, and LexiCom version 5.8.0.21, but a private advisory warned that hackers have been leveraging the flaw to open reverse shells on affected networks.
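A defender's first triage step for this flaw is checking which Cleo hosts still run a build older than 5.8.0.21. The script below is an added example (not Cleo's, Huntress's or the article's code) that compares dotted version strings numerically, avoiding the string-comparison trap where "5.8.0.21" sorts before "5.8.0.3"; the inventory hosts and versions are constructed, hypothetical values.

```python
# Added example: patch-status triage for Cleo Harmony, VLTrader and LexiCom
# against CVE-2024-50623. Assumes (hostname, product, version) tuples have
# already been collected from asset inventory; the sample data is constructed.
from typing import List, Tuple

# Release containing the vendor fix, as stated in the article.
FIXED_VERSION = "5.8.0.21"
AFFECTED_PRODUCTS = {"Harmony", "VLTrader", "LexiCom"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a tuple of ints for numeric comparison.

    Comparing raw strings is wrong: "5.8.0.21" < "5.8.0.3" lexicographically.
    Missing trailing components are treated as zero, so "5.8" == "5.8.0.0".
    """
    parts = []
    for piece in version.strip().split("."):
        if not piece.isdigit():
            raise ValueError(f"non-numeric version component in {version!r}")
        parts.append(int(piece))
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(product: str, version: str) -> bool:
    """True if this product/version pair is below the fixed release."""
    if product not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return hostnames that still run a pre-fix build and need patching first."""
    return [host for host, product, version in inventory if is_vulnerable(product, version)]


# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE_INVENTORY = [
    ("mft-edge-01", "Harmony", "5.8.0.20"),
    ("mft-edge-02", "VLTrader", "5.8.0.21"),
    ("mft-legacy", "LexiCom", "5.7.0.5"),
    ("mft-edge-03", "Harmony", "5.8.0.3"),
    ("sftp-gw", "OtherVendor", "1.0"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: below {FIXED_VERSION}, patch and review for reverse-shell activity")
```

Because the article reports that the vendor fix could be bypassed, a host at 5.8.0.21 should be treated as "patched" rather than "safe": version alone is not sufficient evidence, and hosts that were exposed before patching still warrant a review for the reverse-shell activity described.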
Earlier this month, Huntress publicly disclosed the active exploitation of the vulnerability and warned that the vendor’s fix could be bypassed. The researchers also released a proof-of-concept (PoC) to demonstrate their findings. Days later, Clop confirmed to BleepingComputer that it was behind the exploitation of CVE-2024-50623.
The ransomware group announced it would delete data from previous attacks as it shifts focus to the current wave of extortion.
Macnica researcher Yutaka Sejiyama told BleepingComputer: "Even with the incomplete company names that Clop published on its data leak site, it is possible to identify some of the victims by simply cross-checking the hacker's hints with owners of Cleo servers exposed on the public web."
While the total number of companies affected remains unclear, Cleo states that its software serves over 4,000 organizations worldwide.