thecyberthrone.in
192.0.78.151  Public Scan

URL: https://thecyberthrone.in/2024/12/17/clop-ransomware-exploits-cleo-vulnerability-in-its-attacks/
Submission: On December 17 via api from IN — Scanned from US


TheCyberThrone

Thinking Security ! Always




CLOP RANSOMWARE EXPLOITS CLEO VULNERABILITY IN ITS ATTACKS

BY PravinKarthik December 17, 2024

--------------------------------------------------------------------------------

The Clop ransomware gang has recently claimed responsibility for a series of
sophisticated data theft attacks targeting Cleo, a prominent provider of managed
file transfer software. These attacks exploited zero-day vulnerabilities in
Cleo’s file transfer platforms, specifically Cleo Harmony, VLTrader, and
LexiCom, to steal sensitive corporate data.


OVERVIEW OF THE ATTACK

The Clop ransomware gang has leveraged zero-day vulnerabilities, which are
previously unknown security flaws, to breach Cleo’s systems. This breach allowed
them to gain unauthorized access to sensitive data and exfiltrate it. The
vulnerabilities, notably CVE-2024-50623, facilitated unrestricted file uploads
and downloads, leading to potential remote code execution. Although Cleo had
released a patch in October to address this flaw, cybersecurity firm Huntress
discovered that the initial patch was incomplete and that the attackers were
able to bypass it.


METHOD OF EXPLOITATION

The attackers employed a multi-step approach to exploit the vulnerabilities:

 1. Initial Breach: By exploiting the zero-day vulnerabilities, the attackers
    gained initial access to Cleo’s file transfer platforms.
 2. Payload Deployment: They uploaded a sophisticated Java backdoor, which
    provided persistent access and control over the compromised networks.
 3. Data Exfiltration: Using the backdoor, the attackers were able to steal
    sensitive corporate data, including financial records, intellectual
    property, and confidential communications.


IMPACT AND CONSEQUENCES

The Clop ransomware gang’s attacks have had significant repercussions:

 * Data Breach: The theft of sensitive data can lead to financial losses, legal
   liabilities, and reputational damage for affected organizations.
 * Operational Disruption: The attacks can cause operational disruptions as
   companies scramble to secure their networks and recover from the breach.
 * Increased Cyber Threat: These incidents highlight the growing sophistication
   of cyber threats and the need for robust cybersecurity measures.


RESPONSE AND RECOMMENDATIONS


In response to the attacks, Cleo has issued another critical update to address
the vulnerabilities and enhance security measures. Organizations using Cleo’s
file transfer platforms are strongly advised to take the following actions:

 1. Apply Latest Security Patches: Ensure all systems are updated to the latest
    versions to mitigate the risks associated with these vulnerabilities.
 2. Conduct Security Audits: Regularly review and audit systems to identify and
    address potential vulnerabilities promptly.
 3. Implement Robust Security Measures: Strengthen security protocols, such as
    network segmentation, multi-factor authentication, and regular backups, to
    prevent unauthorized access and minimize the impact of potential breaches.

Given the history of attacks on file transfer applications, CISA added this
vulnerability to its Known Exploited Vulnerabilities Catalog.


CONCLUSION

The Clop ransomware gang’s attack on Cleo underscores the critical importance of
maintaining vigilance and robust security practices in today’s digital
landscape. Organizations must stay proactive in updating and securing their
systems to protect against evolving cyber threats.




Tags: Cleo Vulnerability, Clop Ransomware, CVE-2024-50623, Security

