The Cl0p ransomware group has recently claimed 43 victim organizations across a range of industries, with Manufacturing, Retail, and Transportation the most affected sectors. Most victims are located in the US, Canada, and Europe. The attackers likely exploited the Cleo file-transfer vulnerability (CVE-2024-50623) for initial access; over 1.6 million Internet-exposed assets are potentially vulnerable to this exploit. The report provides IOCs, mapped MITRE ATT&CK techniques, and YARA rules for detection. Cl0p is associated with the Russian cybercriminal group TA505/Evil Corp, known for developing custom malware and for sophisticated attack tradecraft. Recommendations include prioritizing patch management for the affected Cleo products, implementing robust email filtering, and strengthening overall security posture.
Author: AlienVault
Related Tags:
cleo vulnerability
TA505
Cl0p
CVE-2024-50623
MITRE ATT&CK techniques:
T1036.001 (Masquerading: Invalid Code Signature)
T1550.002 (Use Alternate Authentication Material: Pass the Hash)
T1566.001 (Phishing: Spearphishing Attachment)
T1055.001 (Process Injection: Dynamic-link Library Injection)
T1070.004 (Indicator Removal: File Deletion)
Associated Indicators:
File hashes:
46B02CC186B85E11C3D59790C3A0BFD2AE1F82A5 (SHA-1)
31E0439E6EF1DD29C0DB6D96BAC59446 (MD5)
IPv4 addresses:
185.181.230.103
89.248.172.139
45.182.189.102
103.140.62.43
181.214.147.164
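The indicators above are only useful once they are matched against telemetry. The following is an added example, not code from AlienVault or from the report, showing one way to sweep firewall and endpoint log lines for the hashes and IP addresses listed in this pulse. The indicator values are copied from the list above; the log lines, field names (src=, dst=, sha1=, md5=) and file paths are constructed for illustration and do not come from the page.

```python
import re

# Indicators copied from the pulse above. Hashes are compared case-insensitively.
FILE_HASHES = {
    "46b02cc186b85e11c3d59790c3a0bfd2ae1f82a5",  # SHA-1
    "31e0439e6ef1dd29c0db6d96bac59446",          # MD5
}
IP_ADDRESSES = {
    "185.181.230.103",
    "89.248.172.139",
    "45.182.189.102",
    "103.140.62.43",
    "181.214.147.164",
}

# 32 hex chars = MD5, 40 hex chars = SHA-1; word boundaries stop partial matches.
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_line(line):
    """Return a list of (indicator_type, value) tuples found in one log line."""
    hits = []
    for h in HEX_RE.findall(line):
        if h.lower() in FILE_HASHES:
            hits.append(("hash", h.lower()))
    for ip in IPV4_RE.findall(line):
        if ip in IP_ADDRESSES:
            hits.append(("ip", ip))
    return hits


def scan_logs(lines):
    """Scan an iterable of log lines; return one finding dict per indicator hit."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for kind, value in scan_line(line):
            findings.append(
                {"line": number, "type": kind, "indicator": value, "record": line.strip()}
            )
    return findings


# Constructed sample telemetry (hypothetical firewall and EDR records, not real logs).
SAMPLE_LOGS = [
    "2024-12-13T10:01:02Z fw action=allow src=10.0.0.5 dst=185.181.230.103 dport=443",
    "2024-12-13T10:02:10Z edr event=file_created path=C:\\temp\\payload.bin "
    "sha1=46B02CC186B85E11C3D59790C3A0BFD2AE1F82A5",
    "2024-12-13T10:03:00Z fw action=allow src=10.0.0.7 dst=8.8.8.8 dport=53",
    "2024-12-13T10:04:00Z edr event=file_created path=C:\\temp\\update.dll "
    "md5=31e0439e6ef1dd29c0db6d96bac59446",
]

if __name__ == "__main__":
    for finding in scan_logs(SAMPLE_LOGS):
        print(f"line {finding['line']}: {finding['type']} {finding['indicator']}")
        print(f"    {finding['record']}")
```

Against the constructed sample, lines 1, 2 and 4 produce findings (one IP hit and two hash hits) while line 3 does not. In practice the indicator sets would be loaded from the pulse export rather than hard-coded, and a hit should be treated as a lead for investigation of the host and session, not as confirmation on its own.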