| Category | Details |
|---|---|
| Threat Actors | Termite ransomware gang, Babuk ransomware variant, Cerber ransomware variant, PSAUX ransomware actors |
| Campaign Overview | Ransomware gangs exploiting vulnerabilities in Cleo file-sharing products (Cleo Harmony, VLTrader, LexiCom) and CyberPanel. |
| Target Regions (Victims) | Organizations across the U.S., including those in consumer products, shipping, and retail supply industries. |
| Methodology | Exploiting unpatched vulnerabilities (CVE-2024-50623 in Cleo products, CVE-2024-51378 in CyberPanel). Infecting web servers and targeting enterprise-level services. |
| Product Targeted | Cleo Harmony, VLTrader, LexiCom (file-sharing), CyberPanel (web hosting and management). |
| Malware Reference | Babuk ransomware variant, Cerber ransomware variant, PSAUX ransomware. |
| Tools Used | Vulnerabilities in Cleo and CyberPanel, GitHub repository for PSAUX ransomware distribution. |
| Vulnerabilities Exploited | CVE-2024-50623 (Cleo file-sharing products), CVE-2024-51378 (CyberPanel). |
| TTPs | ➡ Exploitation of poorly patched vulnerabilities ➡ Opportunistic attacks on exposed services ➡ Deployment of ransomware through web server infections |
| Attribution | Vulnerabilities exploited by multiple ransomware groups, including Termite and PSAUX actors. |
| Recommendations | ➡ Patch CVE-2024-50623 and CVE-2024-51378 immediately ➡ Monitor web hosting and file-sharing servers for suspicious activity ➡ Update software to the latest versions |
| Source | The Record |
Read full article: https://therecord.media/cisa-ransomware-cleo-cyberpanel-bugs
The above summary has been generated by an AI language model.

