Clop ransomware lists Cleo cyberattack victims

News
By
published

The group listed partial names of 66 victims.

Lock on Laptop Screen
(Image credit: Shutterstock.com) (Image credit: Future)
  • Hackers were recently spotted abusing a flaw in multiple Cleo software tools
  • Cl0p ransomware gang took responsibility for the attack
  • The group has started listing victims on its website

The prolific ransomware threat actor Cl0p has added partial names of some of the companies that were successfully targeted through bugs in Cleo software. This is likely part of its pressure tactic, as it tries to extort money from its victims.

In early December this year, news broke that multiple managed file transfer tools from the same developer called Cleo Software were being abused to launch attacks and possibly steal data. At the time, cybersecurity researchers at Huntress claimed LexiCom, VLTransfer, and Harmony were all vulnerable to CVE-2024-50623, an unrestricted file upload and download vulnerability that could lead to remote code execution.

Cleo allegedly released a patch in October which didn’t entirely fix the issue, leaving the doors open to hackers. Huntress, alone, said it observed at least 24 victims. At the time, the researchers could not attribute the attack to any specific group, since the evidence was inconclusive, but it wasn’t long before Cl0p came forward to claim responsibility.

Listing victims

For those unaware, Cl0p is a threat actor best known for exploiting flaws in MOVEit, another managed file transfer tool. This attack resulted in thousands of breached organizations, and sensitive data on millions of people being stolen.

Now, TechCrunch reported that the group took credit for stealing data from at least 66 companies, as it listed their partial names on their website. The gang apparently said it would soon reveal full names of their victims.

“Victim organizations so far have included various consumer product companies, logistics and shipping organizations, and food suppliers,” Huntress said at the time.

Soon after Huntress’ announcement, the US Cybersecurity and Infrastructure Security Agency (CISA) added the Cleo bug to its Known Exploited Vulnerabilities (KEV) catalog, confirming the findings and giving federal agencies three weeks to patch up or stop using the tools entirely.

Via TechCrunch

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
59 organizations reportedly victim to breaches caused by Cleo software bug
Cl0p ransomware group says it was behind Cleo attacks
Cyber-security
Top file-sharing tools are being hit by security attacks once again
A person at a laptop with a cybersecure lock symbol floating above it.
Cybercrime gang targets victims with "triple threat" attacks
data recovery
Ghost ransomware has hit firms in over 70 countries, FBI and CISA warn
Data leak
US utility giant says MOVEit hack exposed stolen data
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
Daredevil standing in somebody's underground lair in Daredevil: Born Again season 1

Daredevil: Born Again is a fearless Disney+ revival of the best Netflix Marvel TV show that continues to restore my faith in the MCU
See more latest
Most Popular
A business woman looking at AI on a transparent screen
Businesses are facing an "AI Divide" - which could be the difference between success and failure
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Apple Vision Pro with Dassault Systèmes 3DEXPERIENCE platform
Dassault Systèmes teams up with Apple to use Vision Pro headsets to bring spatial CAD to life
Samsung 18.1-inch foldable OLED monitor
Samsung has launched a flexible portable monitor complete with a briefcase, one that seems to come straight from a James Bond movie
GenMachine Zhi mini pc
This is the smallest AMD PC I've ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results
Beelink ME Mini
One of our favorite mini PC vendors has launched a NAS that looks a bit like Apple's PowerMac G4 Cube PC - but way smaller
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Maserati MC20 Autonomous
This AI-driven Maserati just hit 197.7mph without a human behind the wheel
AI data center
Is Microsoft hesitating on AI? Days after CEO said it would be upping capacity, analyst claims tech giant has actually cancelled data center leases