{"id":137611,"date":"2024-12-16T08:34:55","date_gmt":"2024-12-16T01:34:55","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=137611"},"modified":"2024-12-16T08:34:55","modified_gmt":"2024-12-16T01:34:55","slug":"clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=137611","title":{"rendered":"Clop ransomware claims responsibility for Cleo data theft attacks"},"content":{"rendered":"<div>\n<p style=\"text-align:center\"><img loading=\"lazy\" decoding=\"async\" alt=\"Hacker exploiting a flaw\" height=\"900\" src=\"https:\/\/www.bleepstatic.com\/content\/hl-images\/2024\/12\/15\/hacker-card.jpg\" width=\"1600\"\/><\/p>\n<p>The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data.<\/p>\n<p>Cleo is the developer of the managed file transfer platforms\u00a0Cleo Harmony, VLTrader, and LexiCom, which companies use to securely exchange files between their business partners and customers.<\/p>\n<p>In October, Cleo fixed a vulnerability tracked as\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-50623\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2024-50623<\/a> that allowed unrestricted file uploads and downloads, leading to remote code execution.<\/p>\n<p>However, cybersecurity firm Huntress discovered last week that the original patch was 
incomplete and threat actors were <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-cleo-zero-day-rce-flaw-exploited-in-data-theft-attacks\/\" target=\"_blank\" rel=\"nofollow noopener\">actively exploiting a bypass to conduct data theft attacks<\/a>.<\/p>\n<p>While exploiting this vulnerability, the threat actors were uploading a Java backdoor that allowed the attackers to steal data, execute commands, and gain further access to the compromised network.<\/p>\n<p>On Friday, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-confirms-critical-cleo-bug-exploitation-in-ransomware-attacks\/\" target=\"_blank\" rel=\"nofollow noopener\">CISA confirmed<\/a> that the critical CVE-2024-50623 security vulnerability in Cleo Harmony, VLTrader, and LexiCom file transfer software has been exploited in ransomware attacks. However, Cleo never publicly disclosed that the original flaw they attempted to fix in October was exploited.<\/p>\n<h2>Clop claims responsibility for Cleo data theft attacks<\/h2>\n<p>It was previously thought that the Cleo attacks were conducted by a new ransomware gang named Termite. However, the Cleo data theft attacks tracked more closely to previous attacks conducted by the Clop ransomware gang.<\/p>\n<p>After contacting Clop on Tuesday, the ransomware gang confirmed to BleepingComputer that they are behind the recent exploitation of the Cleo vulnerability detected by Huntress as well as the exploitation of the original CVE-2024-50623 flaw fixed in October.<\/p>\n<div class=\"fan_quote\">\n<p>&#8220;As for CLEO, it was our project (including the previous cleo) &#8211; which was successfully completed.<\/p>\n<p>All the information that we store, when working with it, we observe all\u00a0security measures. 
If the data is government services, institutions, medicine, then we will immediately delete this data without hesitation (let me remind you about the last time when it was with moveit &#8211; all government data, medicine, clinics, data of scientific research at the state level were deleted), we comply with our regulations.<\/p>\n<p>with love \u00a9 CL0P^_&#8221;<\/p>\n<p>\u2756 Clop told BleepingComputer<\/p><\/div>\n<p>The extortion gang has now announced that they are deleting\u00a0data associated with past attacks from their data leak server and will only work with new companies breached in the Cleo attacks.<\/p>\n<p>&#8220;Dear companies,\u00a0Due to recent events (attack of CLEO)\u00a0all links to data of all companies will be disabled and data will be permanently deleted from servers. We will work only with new companies,&#8221; reads a new message on the gang&#8217;s CL0P^_- LEAKS\u00a0extortion site.<\/p>\n<p>&#8220;Happy New Year \u00a9 CL0P^_\u00a0all of the victims from their data leak site.&#8221;<\/p>\n<div style=\"text-align:center\">\n<figure class=\"image\" style=\"display:inline-block\"><img loading=\"lazy\" decoding=\"async\" alt=\"Message on the\u00a0CL0P^_- LEAKS\u00a0extortion site\" height=\"400\" src=\"https:\/\/www.bleepstatic.com\/images\/news\/ransomware\/c\/clop\/cleo-data-theft-attacks\/clop-leaks-message.jpg\" width=\"843\"\/><figcaption><strong>Message on the\u00a0CL0P^_- LEAKS\u00a0extortion site<\/strong><br \/><em>Source: BleepingComputer<\/em><\/figcaption><\/figure>\n<\/div>\n<p>BleepingComputer asked Clop when the attacks began, how many companies were impacted, and if Clop was affiliated with the Termite ransomware gang, but did not receive a response to these questions.<\/p>\n<p>BleepingComputer also contacted Cleo on Friday to confirm if Clop was behind the exploitation of the vulnerabilities but did not receive a response.<\/p>\n<h2>Specializing in exploiting file transfer platforms<\/h2>\n<p>The Clop ransomware gang, aka TA505 
and Cl0p, launched in March 2019, when it first began targeting the enterprise using a\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cryptomix-clop-ransomware-says-its-targeting-networks-not-computers\/\" target=\"_blank\" rel=\"nofollow noopener\">variant of the CryptoMix ransomware<\/a>.<\/p>\n<p>Like other ransomware gangs, Clop breached corporate networks and slowly spread laterally through their systems while stealing data and documents. When they had harvested everything of value, they deployed ransomware on the network to encrypt its devices.<\/p>\n<p>However, since 2020, the ransomware gang has specialized in targeting previously unknown vulnerabilities in secure file transfer platforms for data theft attacks.<\/p>\n<p>In December 2020, Clop <a href=\"https:\/\/www.bleepingcomputer.com\/tag\/accellion\/\" target=\"_blank\" rel=\"nofollow noopener\">exploited a zero-day in the Accellion FTA<\/a> secure file transfer platform, which impacted nearly one hundred organizations.<\/p>\n<p>Then in 2021, the ransomware gang <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clop-gang-exploiting-solarwinds-serv-u-flaw-in-ransomware-attacks\/\" target=\"_blank\" rel=\"nofollow noopener\">exploited a zero-day in\u00a0SolarWinds Serv-U<\/a> FTP software to steal data and breach networks.<\/p>\n<p>In 2023, Clop <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fortra-shares-findings-on-goanywhere-mft-zero-day-attacks\/\" target=\"_blank\" rel=\"nofollow noopener\">exploited a zero-day in the GoAnywhere MFT platform<\/a>, allowing the ransomware gang to steal data from over 100 companies again.<\/p>\n<p>However, their most significant attack of this kind was using a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clop-ransomware-claims-responsibility-for-moveit-extortion-attacks\/\" target=\"_blank\" rel=\"nofollow noopener\">zero-day in the MOVEit Transfer platform<\/a> that allowed them to steal data 
from\u00a02,773 organizations, according to a <a href=\"https:\/\/www.emsisoft.com\/en\/blog\/44123\/unpacking-the-moveit-breach-statistics-and-analysis\/\" target=\"_blank\" rel=\"nofollow noopener\">report by Emsisoft<\/a>.<\/p>\n<p>At this time, it is not clear how many companies have been impacted by the Cleo data theft attacks, and BleepingComputer does not know of any companies who have confirmed being breached through the platform.<\/p>\n<p>The\u00a0U.S. State Department&#8217;s Rewards for Justice program currently has a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware\/\" target=\"_blank\" rel=\"nofollow noopener\">$10 million bounty<\/a>\u00a0for information linking the Clop ransomware attacks to a foreign government.<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. 
Cleo is the &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=137611\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-137611","post","type-post","status-publish","format-standard","hentry","category-business","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/137611","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=137611"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/137611\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=137611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=137611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=137611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}