| Attribute | Details |
|---|---|
| Threat Actors | Termite ransomware group, unidentified hackers exploiting Cleo vulnerabilities |
| Campaign Overview | Active exploitation of a vulnerability (CVE-2024-50623) in Cleo’s file transfer products, even after a patch release. |
| Target Regions | Primarily organizations in the consumer products, food, trucking, and shipping industries; potentially global targets. |
| Methodology | Exploiting unpatched and mispatched vulnerabilities in Cleo products to compromise systems. |
| Product Targeted | Cleo Harmony, VLTrader, LexiCom file transfer products |
| Malware Reference | Associated with Termite ransomware |
| Tools Used | Cleo file transfer products affected by CVE-2024-50623 |
| Vulnerabilities Exploited | CVE-2024-50623 in Cleo products |
| TTPs | Vulnerability exploitation, ransomware deployment, data theft |
| Attribution | Linked to the Termite ransomware group and to a broader set of opportunistic hackers exploiting Cleo vulnerabilities. |
| Recommendations | Move Cleo systems behind a firewall, monitor systems for evidence of compromise, apply future patches, and check Cleo’s security bulletins. |
| Source | The Record |
Read full article: https://therecord.media/multiple-cleo-file-transfer-products-exploited-by-hackers
Disclaimer: The above summary has been generated by an AI language model.
