
Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware

Threat Actors: Termite ransomware gang; possible connections to the Clop ransomware gang.
Campaign Overview: Exploitation of a vulnerability in Cleo file-sharing software products to deploy a new malware family, "Malichus."
Target Regions: North America, primarily the US.
Methodology: Exploitation of Cleo vulnerabilities for initial access, persistence, and reconnaissance; no ransomware deployment observed yet.
Products Targeted: Cleo Harmony, VLTrader, and LexiCom (file-sharing software).
Malware Reference: Malichus malware family.
Tools Used: Shodan (for scanning); a malware payload with C2 communication.
Vulnerabilities Exploited: CVE-2024-50623 and a potential second vulnerability in Cleo's file-sharing software.
TTPs: Vulnerability exploitation, persistence mechanisms, enumeration, and potential reconnaissance activity.
Attribution: Termite ransomware gang; indirect linkage to Clop based on operational similarities.
Recommendations: Immediate patching, blocking the identified malicious IPs, monitoring for persistence, and applying multi-layered security.
Source: The Record

Read full article: https://therecord.media/cleo-urges-customers-to-immediately-patch-systems-after-exploitation

The above summary has been generated by an AI language model

Source: The Record

Published on: December 13, 2024
