CL0P Ransomware: Latest Attacks
Feb. 12, 2025, 8:44 p.m.
Description
The Cl0p ransomware group has recently targeted 43 organizations across various industries, with a focus on Manufacturing, Retail, and Transportation sectors. The majority of victims are located in the US, Canada, and Europe. The attackers likely exploited the Cleo vulnerability (CVE-2024-50623) for initial access. Over 1.6 million assets are potentially vulnerable to this exploit. The report provides IOCs, MITRE ATT&CK techniques, and YARA rules for detection. Cl0p is associated with the Russian cybercriminal group TA505/Evil Corp, known for custom malware development and sophisticated attack techniques. Recommendations include prioritizing patch management, implementing robust email filtering, and strengthening overall security posture.
Date
- Created: Feb. 12, 2025, 4:15 p.m.
- Published: Feb. 12, 2025, 4:15 p.m.
- Modified: Feb. 12, 2025, 8:44 p.m.
Indicators
Additional Information
- Retail
- Transportation
- Manufacturing
- Canada
- United States of America