Category | Details |
---|---|
Threat Actors | Termite ransomware gang; possible connections to Clop ransomware gang. |
Campaign Overview | Exploitation of a vulnerability in Cleo file-sharing software products, deploying a new malware family “Malichus.” |
Target Regions | North America, primarily the US. |
Methodology | Exploitation of the Cleo vulnerabilities for initial access, followed by persistence and reconnaissance on the compromised hosts; no ransomware deployment had been observed at the time of reporting. |
Product Targeted | Cleo Harmony, VLTrader, LexiCom (file-sharing software). |
Malware Reference | Malichus malware family. |
Tools Used | Shodan (to enumerate internet-exposed Cleo instances); the Malichus payload, which communicates with a command-and-control (C2) server. |
Vulnerabilities Exploited | CVE-2024-50623 and a possible second, not-yet-identified vulnerability in the same Cleo file-sharing products. |
TTPs | Vulnerability exploitation, persistence mechanisms, enumeration, potential reconnaissance activities. |
Attribution | Termite ransomware gang; indirect linkage to Clop based on operational similarities. |
Recommendations | Patch immediately; block the malicious IP addresses identified in the reporting; monitor Cleo hosts for persistence mechanisms; apply layered defenses so that a compromised file-transfer server cannot be used as a foothold into the rest of the network. |
Source | The Record |
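Two of the recommendations above (blocking the reported IP addresses and monitoring for persistence) are easy to turn into a repeatable check. The script below is an added example, not code from the article, from Cleo, or from the researchers who reported the campaign. It parses constructed combined-format access-log lines, flags requests whose client IP falls inside a placeholder blocklist (RFC 5737 documentation ranges standing in for the real IOCs), and diffs two file-hash snapshots of a directory that should not change, which is the kind of check that surfaces a dropped persistence file.

```python
"""Triage helpers for two recommendations above:
(1) flag requests from a known-bad IP list, and
(2) detect new, removed or changed files in a directory that should be stable."""
import hashlib
import ipaddress
import os
import re
from collections import Counter

# Constructed sample log lines in Apache/NGINX combined style.
# These are NOT from the article or from any real Cleo deployment.
SAMPLE_LOG = """\
203.0.113.45 - - [09/Dec/2024:14:02:11 +0000] "POST /upload HTTP/1.1" 200 512
198.51.100.7 - - [09/Dec/2024:14:03:19 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.45 - - [09/Dec/2024:14:05:40 +0000] "POST /upload HTTP/1.1" 200 648
192.0.2.88 - - [09/Dec/2024:14:07:02 +0000] "POST /upload HTTP/1.1" 200 512
not a log line at all
"""

# Placeholder blocklist (RFC 5737 documentation addresses). Replace with the
# addresses published in the advisories; these are NOT the article's IOCs.
BLOCKLIST = ["203.0.113.45", "192.0.2.0/24"]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)


def build_blocklist(entries):
    """Parse single IPs and CIDR ranges into ip_network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_blocklisted(ip, networks):
    """True if ip is a valid address contained in any blocklisted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def find_blocklisted_requests(log_text, networks):
    """Return the parsed fields of every line whose client IP is blocklisted.
    Lines that do not match the log format are skipped, not raised on."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_blocklisted(m.group("ip"), networks):
            hits.append(m.groupdict())
    return hits


def count_hits_by_ip(hits):
    """Number of blocklisted requests per source address."""
    return Counter(h["ip"] for h in hits)


def snapshot_dir(path):
    """Map relative file path -> SHA-256 hex digest for every file under path."""
    snap = {}
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                snap[os.path.relpath(full, path)] = hashlib.sha256(fh.read()).hexdigest()
    return snap


def diff_snapshots(baseline, current):
    """Return (added, removed, modified) relative paths between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return added, removed, modified


if __name__ == "__main__":
    nets = build_blocklist(BLOCKLIST)
    hits = find_blocklisted_requests(SAMPLE_LOG, nets)
    for h in hits:
        print(f"blocklisted client {h['ip']} -> {h['method']} {h['path']} at {h['ts']}")
    print("hits per IP:", dict(count_hits_by_ip(hits)))
    # Persistence check: snapshot an install directory once after patching,
    # store the result, and diff against a fresh snapshot on each run.
    # snapshot_dir("/path/to/cleo/install") is a hypothetical location.
```

Keep the baseline snapshot somewhere the application's service account cannot write, otherwise an attacker who has code execution on the host can simply update the baseline along with the dropped file.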
Read full article: https://therecord.media/cleo-urges-customers-to-immediately-patch-systems-after-exploitation
The above summary has been generated by an AI language model