The infamous Clop ransomware gang is back in the limelight after claiming to have breached dozens of businesses through a vulnerability in file transfer products made by the American software company Cleo. The notorious Russia-associated group listed 59 organizations it says it compromised using this significant flaw in Cleo’s software tools.
The flaw affects Cleo’s LexiCom, VLTransfer, and Harmony products and was identified in a security advisory by Cleo in October 2024. However, it wasn’t until December that security analysts found hackers exploiting the vulnerability on a large scale.
Clop supposedly contacted the organizations it hacked, but no negotiations ensued. The gang now threatens to disclose the allegedly stolen data by January 18 unless its ransom demands are met.
File transfer tools are of particular interest to the ransomware group because of the sensitive information these systems often hold. The gang has done this before, capitalizing on vulnerabilities in file transfer software from Progress Software and Fortra.
In the wake of the recent hacking spree, some companies have admitted to data breaches, while others have disputed Clop’s statements. Covestro, a German manufacturing titan, acknowledged that certain data areas were infiltrated in Clop’s assault on Cleo systems. By contrast, Hertz, a leading U.S. car rental enterprise, and Linfox, an Australian logistics firm, denied any compromise of their systems.
Notably, software supply chain giant Blue Yonder also appears on Clop’s list. Blue Yonder confirmed a ransomware attack in November but dissociated the incident from the Cleo vulnerability, though it did not back up that claim.
The number of companies targeted cannot currently be established, and Cleo itself is listed as a Clop victim. How this unfolds remains to be seen as we await responses from the remaining organizations listed on Clop’s dark web site.
Original source: Read the full article on TechCrunch