TechCrunch News, January 16
Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches

 

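The Clop ransomware gang exploited a vulnerability in software from U.S. company Cleo and claims to have attacked dozens of companies. The gang listed 59 victim organizations and is threatening to publish the stolen data on January 18 unless a ransom is paid. Some companies have confirmed intrusions, while others deny them.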

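🎯 Clop exploits a Cleo software vulnerability to attack multiple companies

💥 Threatens to publish data on January 18 and demands ransom

👁️ Some companies confirm intrusions, others deny them

❓ Cleo has not responded to related questions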

The prolific Clop ransomware gang has named dozens of corporate victims it claims to have hacked in recent weeks after exploiting a vulnerability in several popular enterprise file transfer products developed by U.S. software company Cleo.

In a post on its dark web leak site, seen by TechCrunch, the Russia-linked Clop gang listed 59 organizations it claims to have breached by exploiting the high-risk bug in Cleo’s software tools. 

The flaw affects Cleo’s LexiCom, VLTransfer, and Harmony products. Cleo first disclosed the vulnerability in an October 2024 security advisory before security researchers observed hackers mass exploiting the vulnerability months later in December.

Clop claimed in its post that it notified the organizations it breached, but that the victim organizations did not negotiate with the hackers. Clop is threatening to publish the data it allegedly stole on January 18 unless its ransom demands are paid.  

Enterprise file transfer tools are a popular target among ransomware hackers — and Clop, in particular — given the sensitive data often stored in these systems. In recent years, the ransomware gang exploited vulnerabilities in Progress Software’s MOVEit Transfer product, and later took credit for the mass exploitation of a vulnerability in Fortra’s GoAnywhere managed file transfer software.

Following its most recent hacking spree, at least one company has confirmed an intrusion linked to Clop’s attacks on Cleo systems.

German manufacturing giant Covestro told TechCrunch that it had been contacted by Clop, and has since confirmed that the gang accessed certain data stores on its systems. 

“We confirmed there was unauthorized access to a U.S. logistics server, which is used to exchange shipping information with our transportation providers,” Covestro spokesperson Przemyslaw Jedrysik said in a statement. “In response, we have taken measures to ensure system integrity, enhance security monitoring and proactively notify customers.”

Jedrysik confirmed that “the majority of the information contained on the server was not of a sensitive nature,” but declined to say what types of data had been accessed. 

Other alleged victims that TechCrunch has spoken with have disputed Clop’s claims, and say they were not compromised as part of the gang’s latest mass-hack campaign. 

Emily Spencer, a spokesperson for U.S. car rental giant Hertz, said in a statement that the company is “aware” of Clop’s claims, but said there is “no evidence that Hertz data or Hertz systems have been impacted at this time.”

“Out of an abundance of caution, we are continuing to actively monitor this matter with the support of our third-party cybersecurity partner,” Spencer added. 

Christine Panayotou, a spokesperson for Linfox, an Australian logistics firm that Clop listed on its leak site, also disputed the gang’s claims, saying the company does not use Cleo software and has “not experienced a cyber incident involving its own systems.”

When asked if Linfox had data accessed due to a cyber incident involving a third party, Panayotou did not respond.

Spokespeople for Arrow Electronics and Western Alliance Bank also told TechCrunch that they have found no evidence that their systems had been compromised. 

Clop also listed the recently breached software supply chain giant Blue Yonder. The company, which confirmed a November ransomware attack, has not updated its cybersecurity incident page since December 12. 

When last reached by TechCrunch, Blue Yonder spokesperson Marina Renneke confirmed on December 26 that the company “uses Cleo to support and manage certain file transfers” and that it was investigating any potential access, but added that the company has “no reason to believe the Cleo vulnerability is connected to the cybersecurity incident we experienced in November.” The company did not provide evidence for the claim, nor provide any more recent comment when reached this week.

When asked by TechCrunch, none of the companies that responded would say if they had the technical means, such as logs, to detect access or exfiltration of their data.

TechCrunch has not yet received responses from the other organizations listed on Clop’s leak site. Clop claims it will add more victim organizations to its dark web leak site on January 21. 

It’s not yet known how many companies have been targeted, and Cleo — which itself has been listed as a victim of Clop — did not respond to TechCrunch’s questions. 
