Category | Details |
---|---|
Threat Actors | Termite ransomware gang, Babuk ransomware variant, Cerber ransomware variant, PSAUX ransomware actors |
Campaign Overview | Ransomware gangs exploiting vulnerabilities in Cleo file-sharing products (Cleo Harmony, VLTrader, LexiCom) and CyberPanel. |
Target Regions (Victims) | Organizations across the U.S., including those in consumer products, shipping, and retail supply industries. |
Methodology | Exploiting unpatched vulnerabilities (CVE-2024-50623 in Cleo products, CVE-2024-51378 in CyberPanel). Infecting web servers and targeting enterprise-level services. |
Product Targeted | Cleo Harmony, VLTrader, LexiCom (file-sharing), CyberPanel (web hosting and management). |
Malware Reference | Babuk ransomware variant, Cerber ransomware variant, PSAUX ransomware. |
Tools Used | Vulnerabilities in Cleo and CyberPanel, GitHub repository for PSAUX ransomware distribution. |
Vulnerabilities Exploited | CVE-2024-50623 (Cleo file-sharing products), CVE-2024-51378 (CyberPanel). |
TTPs | ➡ Exploitation of poorly patched vulnerabilities ➡ Opportunistic attacks on exposed services ➡ Deployment of ransomware through web server infections |
Attribution | Vulnerabilities exploited by multiple ransomware groups, including Termite and PSAUX actors. |
Recommendations | ➡ Patch CVE-2024-50623 and CVE-2024-51378 immediately ➡ Monitor web hosting and file-sharing servers for suspicious activity ➡ Update software to the latest versions |
Source | The Record |
Read full article: https://therecord.media/cisa-ransomware-cleo-cyberpanel-bugs
The above summary has been generated by an AI language model