CL0P Ransomware: Latest Attacks
Feb. 12, 2025, 8:44 p.m.
Description
The Cl0p ransomware group has recently targeted 43 organizations across various industries, with a focus on Manufacturing, Retail, and Transportation sectors. The majority of victims are located in the US, Canada, and Europe. The attackers likely exploited the Cleo vulnerability (CVE-2024-50623) for initial access. Over 1.6 million assets are potentially vulnerable to this exploit. The report provides IOCs, MITRE ATT&CK techniques, and YARA rules for detection. Cl0p is associated with the Russian cybercriminal group TA505/Evil Corp, known for custom malware development and sophisticated attack techniques. Recommendations include prioritizing patch management, implementing robust email filtering, and strengthening overall security posture.
Tags
Date
- Created: Feb. 12, 2025, 4:15 p.m.
- Published: Feb. 12, 2025, 4:15 p.m.
- Modified: Feb. 12, 2025, 8:44 p.m.
Linked vulnerabilities
Indicators
Attack Patterns
- Cl0p
- T1036.001
- T1021.002
- T1550.002
- T1069
- T1055.001
- T1543.003
- T1070.001
- T1484.001
- T1490
- T1202
- T1482
- T1018
- T1567
- T1012
- T1518.001
- T1070.004
- T1562.001
- T1005
- T1486
- T1574
- T1547
- T1106
- T1082
- T1057
- T1566.001
- T1083
- T1071
- T1570
- T1204
- T1140
- T1033
- T1190
- T1078
- T1068
- T1059
- CVE-2024-50623
Additional Information
- Retail
- Transportation
- Manufacturing
- Canada
- United States of America