- At press time, Cleo's LexiCom, VLTransfer and Harmony contain a bug that the company disclosed in October 2024
- Threat actors were first observed exploiting it in December 2024
- Ransomware group Clop has claimed 59 victims on its leak site, although some deny any intrusion
Clop, the Russian state-linked ransomware group, has now claimed to have hacked 59 companies after exploiting a known flaw in a number of file transfer applications developed by software house Cleo.
The flaw, CVE-2024-50623, affects Cleo’s LexiCom, VLTransfer, and Harmony software, enables remote code execution, and was first disclosed on October 30, 2024. Clop later published the list of victims on its dark web site, though many have denied that a breach has occurred.
Clop claims to have issued intrusion notices to its victims, including Cleo itself, on its own website, and says that affected companies are refusing to submit to ransom demands.
Impact of the Cleo RCE flaw
Przemyslaw Jedrysik, a spokesman for German manufacturer Covestro, was one of the few willing to reveal the extent of the intrusion to TechCrunch.
He revealed unauthorized access by Clop to a US logistics server, but said that the company has since “taken measures to ensure system integrity, improve security monitoring and proactively notify customers”. He also claimed that the information on this server was not of a sensitive nature.
However, spokespeople for several companies, including car rental company Hertz and Australian logistics company Linfox, have explicitly denied the intrusion in statements to TechCrunch.
Clop also listed software supply chain company Blue Yonder as a victim, but at press time Blue Yonder has not issued any cybersecurity incident updates since December 12, 2024. However, a spokesperson said in a statement to TechCrunch that Blue Yonder uses Cleo software and that it investigated potential unauthorized access to its servers.
The group claims it will reveal more of its victims in this attack on January 21, 2025, although the true extent of the attack remains unclear.



