
CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs

| Category | Details |
| --- | --- |
| Threat Actors | Termite ransomware gang, Babuk ransomware variant, Cerber ransomware variant, PSAUX ransomware actors |
| Campaign Overview | Ransomware gangs exploiting vulnerabilities in Cleo file-sharing products (Cleo Harmony, VLTrader, LexiCom) and CyberPanel. |
| Target Regions (Victims) | Organizations across the U.S., including those in consumer products, shipping, and retail supply industries. |
| Methodology | Exploiting unpatched vulnerabilities (CVE-2024-50623 in Cleo products, CVE-2024-51378 in CyberPanel). Infecting web servers and targeting enterprise-level services. |
| Product Targeted | Cleo Harmony, VLTrader, LexiCom (file-sharing), CyberPanel (web hosting and management). |
| Malware Reference | Babuk ransomware variant, Cerber ransomware variant, PSAUX ransomware. |
| Tools Used | Vulnerabilities in Cleo and CyberPanel, GitHub repository for PSAUX ransomware distribution. |
| Vulnerabilities Exploited | CVE-2024-50623 (Cleo file-sharing products), CVE-2024-51378 (CyberPanel). |
| TTPs | ➡ Exploitation of poorly patched vulnerabilities ➡ Opportunistic attacks on exposed services ➡ Deployment of ransomware through web server infections |
| Attribution | Vulnerabilities exploited by multiple ransomware groups, including Termite and PSAUX actors. |
| Recommendations | ➡ Patch CVE-2024-50623 and CVE-2024-51378 immediately ➡ Monitor web hosting and file-sharing servers for suspicious activity ➡ Update software to latest versions. |
| Source | The Record |

Read full article: https://therecord.media/cisa-ransomware-cleo-cyberpanel-bugs

The above summary has been generated by an AI language model

Source: The Record

Published on: December 13, 2024
