
Clop ransomware gang claims responsibility for Cleo attacks

The notorious Clop ransomware gang has declared itself responsible for the recent attacks on Cleo's file transfer software. Zero-day vulnerabilities in this software allowed the hackers to steal data from multiple corporate end users.

The group said so in a statement to Bleeping Computer. The attack was made possible by vulnerabilities in Cleo's managed file transfer platforms Cleo Harmony, VLTrader, and LexiCom. Business end users use these platforms to securely transfer their data.

Attack path

In October of this year, Cleo released a patch for a vulnerability, CVE-2024-50623, that enabled unrestricted file uploads and downloads and could ultimately lead to remote code execution (RCE).

However, security firm Huntress recently discovered that the original patch was incomplete, which let the hackers exploit a bypass. Through this bypass they uploaded a Java backdoor that allowed them to steal data, execute commands, and gain further access to the attacked corporate network.

Notorious MOVEit attack

In their statement, Clop's hackers say they are behind the attacks. They also indicated that they only want to extort new victims over stolen data. Data from previous victims is said to have been deleted, as is data from government agencies and the health care sector.

Clop has targeted file transfer software before. It is believed to be responsible for the highly notorious attack on the MOVEit Transfer platform, in which data was allegedly captured from some 2,773 companies and organizations.

Bounty of $10 million

Meanwhile, U.S. cybersecurity agency CISA has confirmed a new vulnerability in the Cleo file transfer software and in the patch for CVE-2024-50623. Cleo has not yet confirmed the vulnerability.

The U.S. government strongly suspects that the Clop ransomware gang has connections to foreign state actors. To obtain proof of this, the U.S. has set a $10 million bounty.
