Leading hacker group Cl0p has announced plans to release the names of more than 60 organizations that were hacked through vulnerabilities in Cleo file transfer software unless they respond to its ransom demands.
Key units of the infamous Cl0p group continue their cyberattacks using the CVE-2024-50623 and CVE-2024-55956 vulnerabilities in the Cleo products Harmony, VLTrader, and LexiCom. These vulnerabilities allow attackers to steal data without authentication. So far, only one company, the supply chain management firm Blue Yonder, has fallen victim to Cl0p. If the ransom is not paid, more than 60 additional organizations could be affected by December 30. A new group, Termite, has also claimed involvement in the attack, raising suspicions of a link between the two groups. Cleo, which has more than 4,000 customers, confirmed that version 5.8.0.24 has been patched to address these vulnerabilities. However, the cyberattacks, which have been ongoing since early December, have raised concerns that these vulnerabilities could be exploited by other groups.
The Cl0p group is known for its zero-day attacks on popular file sharing systems such as MOVEit, in which it steals data and then extorts money through platforms on the Tor network. These incidents highlight the importance of timely software updates to protect organizations against such attacks.
Organizations using Cleo software tools should immediately install patches and strengthen their cyber defenses.