| Attribute | Details |
|---|---|
| Threat Actors | Ransomware operators |
| Campaign Overview | In-the-wild exploitation of CVE-2024-50623 in Cleo managed file transfer (MFT) software |
| Target Regions (Or Victims) | Large enterprises using Cleo Harmony®, VLTrader®, LexiCom® |
| Methodology | Arbitrary File Read/Write exploitation via the /Synchronization endpoint |
| Product Targeted | Cleo Harmony® (up to v5.8.0.21), Cleo VLTrader® (up to v5.8.0.21), Cleo LexiCom® (up to v5.8.0.21) |
| Proof-of-Concept Reference | Huntress video demonstrating the arbitrary file write and the resulting RCE |
| Tools Used (analysis) | Java decompiler, patch diffing, crafted HTTP requests |
| Vulnerabilities Exploited | CVE-2024-50623 (Arbitrary File Read/Write, RCE) |
| TTPs | Arbitrary File Read, Arbitrary File Write, Path Traversal |
| Attribution | Huntress observed threat actors exploiting the vulnerability |
| Recommendations | Apply the vendor's security patches; disable the Autorun feature to reduce the attack surface |
| Source | watchTowr Labs |
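The table names the technique (path traversal through the `/Synchronization` endpoint) but not how to look for it. The following is an added example, not code from watchTowr Labs, Huntress or Cleo: a small detector that scans parsed request records for traversal sequences aimed at `/Synchronization`, including percent-encoded and double-encoded variants, plus a version check against the 5.8.0.21 bound stated in the table. The request records, the `file` query parameter and the `X-File` header are constructed for illustration and do not describe the real exploit layout; the log format of a real Cleo deployment is an assumption and will differ.

```python
import re
from urllib.parse import parse_qsl, unquote

# Matches a ".." path segment bounded by a separator or the string edge,
# after backslashes have been normalised to forward slashes.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")

# Version bound as stated in the summary table: builds up to 5.8.0.21.
LAST_AFFECTED = (5, 8, 0, 21)

# Constructed sample records (hypothetical parameter/header names, not the
# real exploit). Index 0 and 5 are benign; 1-4 carry traversal sequences.
SAMPLE_REQUESTS = [
    {"src": "203.0.113.7", "method": "POST", "path": "/Synchronization",
     "query": "", "headers": {}},
    {"src": "203.0.113.7", "method": "POST", "path": "/Synchronization",
     "query": "file=../../../autorun/job.xml", "headers": {}},
    {"src": "198.51.100.9", "method": "GET", "path": "/Synchronization",
     "query": "file=..%2F..%2Fconf%2Fsecrets", "headers": {}},
    {"src": "198.51.100.9", "method": "GET", "path": "/Synchronization",
     "query": "file=%252e%252e%252f%252e%252e%252fetc", "headers": {}},
    {"src": "198.51.100.9", "method": "GET", "path": "/Synchronization",
     "query": "", "headers": {"X-File": "..\\..\\autorun\\job.xml"}},
    {"src": "192.0.2.4", "method": "GET", "path": "/images/../logo.png",
     "query": "", "headers": {}},
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences such as
    %252e%252e%252f (-> %2e%2e%2f -> ../) are caught as well."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def contains_traversal(value):
    """True if the decoded, slash-normalised value holds a '..' segment."""
    normalised = fully_decode(value).replace("\\", "/")
    return TRAVERSAL_RE.search(normalised) is not None


def suspicious_fields(req):
    """Names of fields carrying a traversal sequence, for a request aimed
    at /Synchronization; requests to other endpoints return []."""
    if not req["path"].lower().startswith("/synchronization"):
        return []
    hits = []
    if contains_traversal(req["path"]):
        hits.append("path")
    for name, value in parse_qsl(req.get("query", ""), keep_blank_values=True):
        if contains_traversal(value):
            hits.append("query:" + name)
    for name, value in req.get("headers", {}).items():
        if contains_traversal(value):
            hits.append("header:" + name)
    return hits


def scan(requests):
    """Map request index -> list of suspicious fields, omitting clean ones."""
    findings = {}
    for i, req in enumerate(requests):
        hits = suspicious_fields(req)
        if hits:
            findings[i] = hits
    return findings


def is_affected_version(version):
    """True when a Harmony/VLTrader/LexiCom build is <= 5.8.0.21."""
    parts = tuple(int(p) for p in version.split("."))
    return parts <= LAST_AFFECTED


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_REQUESTS).items():
        r = SAMPLE_REQUESTS[i]
        print(f"[{i}] {r['src']} {r['method']} {r['path']} -> {', '.join(hits)}")
    print("5.8.0.21 affected:", is_affected_version("5.8.0.21"))
```

Scoping the check to `/Synchronization` keeps noise down on an MFT host, where legitimate traffic to other paths may contain dots; the repeated decode is what catches the double-encoded case that a single `unquote` would miss.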
Read full article: https://labs.watchtowr.com/cleo-cve-2024-50623/
The above summary has been generated by an AI language model