| Attribute | Details |
|---|---|
| Threat Actors | Financially motivated adversaries |
| Campaign Overview | Exploitation of Cleo file transfer software vulnerabilities |
| Target Regions | Customer environments globally |
| Methodology | Exploiting CVE-2024-50623 through remote code execution |
| Product Targeted | Cleo Harmony, Cleo VLTrader, Cleo LexiCom |
| Malware Reference | Remote code execution artifacts, PowerShell, enumeration tools |
| Tools Used | PowerShell, Autorun Directory exploitation |
| Vulnerabilities | CVE-2024-50623 (Cross-Site Scripting – CWE-79) |
| TTPs | Enumeration, post-exploitation, remote command execution |
| Attribution | Huntress, Rapid7, Cleo |
| Recommendations | Apply mitigations, disable Autorun Directory, place products behind firewall |
| Source | Rapid7 |
Read full article: https://www.rapid7.com/blog/post/2024/12/10/etr-widespread-exploitation-of-cleo-file-transfer-software-cve-2024-50623/
Disclaimer: The above summary has been generated by an AI language model