• 59 organizations reported

    From Mike Powell@1:2320/105 to All on Sat Jan 18 10:38:00 2025
    59 organizations reportedly victim to breaches caused by Cleo software bug

    Date:
    Fri, 17 Jan 2025 16:33:00 +0000

    Description:
    Unsurprisingly, spokespeople for Clop's corporate victims are being coy about the extent of the intrusions into their servers, or refusing to admit any at all.

    FULL STORY

    Clop, the Russian state-linked ransomware group, has now claimed to have
    hacked 59 companies after exploiting a known bug in a number of file transfer applications developed by software house Cleo.

    The flaw, CVE-2024-50623, affects Cleo's LexiCom, VLTransfer and Harmony software, inadvertently enables remote code execution, and was first
    disclosed on October 30, 2024. Clop later published the list of victims on
    its dark web site, though many are denying that a breach has taken place.

    Clop is claiming to have issued intrusion notices to its victims, including Cleo itself, on its own website, but also that impacted companies are
    refusing to submit to ransom demands.

    Cleo RCE bug impact

    Przemyslaw Jedrysik, a spokesperson for German manufacturer Covestro, was one of the few willing to reveal the extent of the intrusion to TechCrunch.

    He disclosed unauthorized access by Clop to a US logistics server, but said that
    the company has since taken measures to ensure system integrity, enhance security monitoring and proactively notify customers. He also claimed that information on this server wasn't of a sensitive nature.

    Spokespeople for several companies including car rental firm Hertz and Australian logistics company Linfox have, however, explicitly denied
    intrusions in statements to TechCrunch.

    Clop also listed software supply chain enterprise Blue Yonder as
    a victim, though, at press time, it hasn't issued any cybersecurity incident updates since December 12, 2024. However, a spokesperson did say in a
    statement to TechCrunch that Blue Yonder does use Cleo software, and that it was investigating potential unauthorized access to its servers.

    The group is claiming it'll disclose more of its victims in this attack on January 21, 2025, though the true scale of the attack remains unclear.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/59-organizations-reportedly-victim-to-breaches-caused-by-cleo-software-bug

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)