CL0P Ransomware: Latest Attacks
Essential information
- Published: 12/02/2025 16:15
- Modified: 12/02/2025 20:44
- Tags: 2025-02-12, CVE-2024-50623, cl0p, cleo, vulnerability, data exfiltration, evil corp, manufacturing, ransomware, retail, ta505, transportation
- Related entities: 1 vulnerability (CVE), 6 observables, 1 intrusion set (APT), 35 techniques (MITRE ATT&CK), 1 malware, 5 others
Description
The Cl0p ransomware group has recently targeted 43 organizations across various industries, with a focus on the Manufacturing, Retail, and Transportation sectors. The majority of victims are located in the US, Canada, and Europe. The attackers likely exploited the Cleo vulnerability (CVE-2024-50623) for initial access; over 1.6 million assets are potentially exposed to this vulnerability. The report provides IOCs, MITRE ATT&CK techniques, and YARA rules to support detection. Cl0p is associated with the Russian cybercriminal group TA505/Evil Corp, which is known for custom malware development and sophisticated attack techniques. Recommendations include prioritizing patch management (in particular for the Cleo products affected by CVE-2024-50623), implementing robust email filtering, and strengthening overall security posture.