
The Cl0p gang, which previously attacked file transfer platforms by exploiting zero-day vulnerabilities, has now started leaking data from yet another campaign targeting file transfer software. This time, the product is Cleo. Cybersecurity Dive reports:
Blue Yonder said it is investigating a threat after Clop listed the supply chain management company among nearly 60 companies the ransomware group claims it hacked. The attacks were linked to exploited vulnerabilities in Cleo file-transfer software, according to researchers from Zscaler and Huntress.
[…]
The threat is linked to vulnerabilities in Cleo Harmony, VLTrader and Lexicom. Cleo in October had warned of an unrestricted file upload and download vulnerability listed as CVE-2024-50623, but Huntress researchers found the patch for that flaw was not offering adequate protection.
A second vulnerability, listed as CVE-2024-55956, can allow an unauthenticated attacker to import and execute arbitrary bash or PowerShell commands on a host system. That vulnerability was assigned a CVE in December, just days after a patch was issued.
Read more at Cybersecurity Dive. Blue Yonder is just one of more than 60 Cleo clients whose data Clop threatens to leak starting on Saturday if they do not pay the gang's ransom demands. Clop does not encrypt its victims' systems; it exfiltrates data and then demands payment not to leak it publicly. Although many sites still refer to Clop as a ransomware gang, the group largely abandoned file encryption in 2022 and has relied on a hack-and-extort approach since.