Cl0p ransomware has listed 63 organizations on its dark web victim site. The gang has recently been leveraging critical vulnerabilities affecting Cleo software, including Cleo Harmony, Cleo VLTrader, and Cleo LexiCom.
In a new announcement, the Cl0p operator published a list consisting of 63 partially concealed company names. Blue Yonder, a major supply chain software company, was the only fully disclosed victim at the time of writing.
Cl0p is threatening to publish the entire list of companies that ignore the demands on Monday, December 30th, 2024.
“We have data of many companies who use Cleo. Our teams are reaching and calling your company and provide your special secret chat,” the criminals posted.
The list appears to include some major corporations, as suggested by listings such as “weste#####,” “hertz#####,” and “thoms#####.” However, positive identification remains impossible because the names are redacted.
BleepingComputer reports that Cl0p originally listed 66 companies that did not engage in negotiations.
The hackers leveraged critical zero-day vulnerabilities affecting Cleo software products, which are widely used for secure file transfer and business integration processes.
The two recently disclosed vulnerabilities, CVE-2024-50623 and CVE-2024-55956, have a severity rating of 9.8 out of 10. The flaws affect unpatched versions of Cleo Harmony (enterprise backup and recovery software), VLTrader, and LexiCom (secure file transfer and data integration software solutions).
The bugs allow unauthenticated users to import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. There is also an unrestricted file upload and download flaw that could lead to remote code execution.
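Because the attack path described above ends with unexpected files landing in the Autorun directory, a defender's first practical control is to know what that directory is supposed to contain and to be alerted when it changes. The script below is an added illustration written for this article, not code from Cleo or from any of the reporting cited here: it takes a SHA-256 baseline of a directory, reports files that appear or change afterwards, and flags changed files containing command-execution markers. The Cleo Autorun path is not given in the article, so `AUTORUN_DIR_PLACEHOLDER` is a placeholder, the marker list is a hypothetical heuristic rather than a signature for these CVEs, and `demo()` runs the check against a constructed temporary directory. The approach is generic file-integrity monitoring and applies to any directory a product executes from, not only Cleo's.

```python
import hashlib
import tempfile
from pathlib import Path

# Placeholder: the real Autorun directory for a Cleo deployment is not given in
# the article. Point this at the actual location when using the script.
AUTORUN_DIR_PLACEHOLDER = "/path/to/cleo/autorun"

# Hypothetical heuristic: strings that warrant review when they show up in a
# freshly dropped Autorun file. Not a signature for CVE-2024-50623/55956.
SUSPICIOUS_MARKERS = ("powershell", "bash", "cmd.exe", "/bin/sh", "certutil", "invoke-")


def snapshot(directory):
    """Map each file under `directory` (relative path) to its SHA-256 digest."""
    root = Path(directory)
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digests[str(path.relative_to(root))] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Return (added, modified, removed) relative paths between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k])
    return added, modified, removed


def suspicious_markers(directory, relpath):
    """List which SUSPICIOUS_MARKERS occur (case-insensitively) in the given file."""
    text = (Path(directory) / relpath).read_text(errors="replace").lower()
    return [m for m in SUSPICIOUS_MARKERS if m in text]


def audit(directory, baseline):
    """Compare the directory against a saved baseline and describe every new or changed file."""
    added, modified, removed = diff_snapshots(baseline, snapshot(directory))
    findings = []
    for rel in added + modified:
        findings.append({
            "file": rel,
            "change": "added" if rel in added else "modified",
            "markers": suspicious_markers(directory, rel),
        })
    return {"findings": findings, "removed": removed}


def demo():
    """Constructed scenario: baseline with one expected file, then an unexpected drop."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for a legitimate, pre-existing autorun definition.
        (Path(tmp) / "nightly_cleanup.xml").write_text(
            "<autorun><!-- constructed placeholder --></autorun>")
        baseline = snapshot(tmp)  # would normally be stored after a known-good deploy
        # Constructed stand-in for an unexpected file; the content is a harmless
        # placeholder string, not an exploit payload.
        (Path(tmp) / "healthchk.xml").write_text(
            "<autorun>powershell -c placeholder</autorun>")
        return audit(tmp, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is taken immediately after patching and stored off-host, and `audit()` is run on a schedule or from a file-event hook; any finding with a non-empty `markers` list is the one to triage first, but an added file with no markers still deserves a look, since the article's point is that the directory should not gain files the operator did not put there.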
The US Cybersecurity and Infrastructure Security Agency (CISA) added the second vulnerability to its catalog of known exploited vulnerabilities on December 17th and warned that ransomware operators have been exploiting it.
Cleo patched the vulnerabilities and strongly advised all customers to immediately upgrade all instances of Harmony, VLTrader, and LexiCom to the latest released patch. The company claims to have more than 4,200 business customers.
The Cl0p ransomware cartel is responsible for one of the largest hacking campaigns ever, which targeted the MOVEit file transfer system. According to KonBriefing Research, the MOVEit attacks affected 2611 organizations and almost 90 million individuals last year.
After the Cleo attacks, the Cl0p operator claims that it will only work with the new companies and that the data of all affected parties “will be permanently deleted from servers.”