| Category | Details |
|---|---|
| Threat Actors | Termite ransomware gang; possible connections to Clop ransomware gang. |
| Campaign Overview | Exploitation of a vulnerability in Cleo file-sharing software products, deploying a new malware family “Malichus.” |
| Target Regions | North America, primarily the US. |
| Methodology | Exploitation of Cleo vulnerabilities for initial access, persistence, and reconnaissance; no ransomware observed yet. |
| Product Targeted | Cleo Harmony, VLTrader, LexiCom (file-sharing software). |
| Malware Reference | Malichus malware family. |
| Tools Used | Shodan (for scanning), malware payload with C2 communication. |
| Vulnerabilities Exploited | CVE-2024-50623, plus a possible second, separate vulnerability in the same Cleo file-sharing products. |
| TTPs | Exploitation of the Cleo vulnerability for initial access, establishment of persistence, host and network enumeration, and reconnaissance. |
| Attribution | Termite ransomware gang; indirect linkage to Clop based on operational similarities. |
| Recommendations | Patch immediately, block the malicious IPs identified in the report, monitor affected hosts for persistence mechanisms, and apply layered defenses. |
| Source | The Record |
Read full article: https://therecord.media/cleo-urges-customers-to-immediately-patch-systems-after-exploitation
The above summary has been generated by an AI language model