
Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) – Cl0P’s Latest Attack Vector 


| Category | Details |
|---|---|
| Threat Actors | Termite, Cl0p ransomware group |
| Campaign Overview | Exploitation of Cleo file transfer software vulnerabilities (CVE-2024-50623, CVE-2024-55956), leading to data theft and ransomware attacks. |
| Target Regions | Primarily North America, particularly the United States |
| Methodology | Exploitation of vulnerabilities in Cleo Harmony, VLTrader, and LexiCom software to upload Java backdoors, enabling data theft and further network infiltration. |
| Products Targeted | Cleo Harmony, VLTrader, LexiCom (versions before 5.8.0.24) |
| Malware Reference | Malichus (Java-based malware used for post-exploitation activities such as data theft, command execution, and lateral movement) |
| Tools Used | Java backdoors, encoded PowerShell scripts |
| Vulnerabilities Exploited | CVE-2024-50623 (CVSS 8.8, unrestricted file access, RCE) and CVE-2024-55956 (CVSS 9.8, similar exploitation path) |
| TTPs | Use of vulnerable endpoints for file upload and execution, creation of reverse shells, reconnaissance, and post-exploitation activities for data theft. |
| Attribution | Termite (initially suspected); Cl0p (confirmed via statements on their leak site). |
| Recommendations | Update Cleo products to version 5.8.0.24, disable the Autorun directory, remove public-facing Cleo servers, improve firewall settings, and monitor for IOCs. |
| Source | SOCRadar |

Read full article: https://socradar.io/cleo-file-transfer-vulnerabilities-cl0ps-attack-vector/

The above summary has been generated by an AI language model


Published on: December 16, 2024
