Report

THREAT INTELLIGENCE EXECUTIVE REPORT (Vol 2025, No.1)

Pages: 5

This Secureworks report details how the Clop ransomware group, also known as GOLD TAHOE, has been actively targeting Cleo managed file transfer (MFT) systems using zero-day vulnerabilities. The attacks exploited critical flaws including CVE-2024-50623 and CVE-2024-55956, which allow unrestricted file uploads, remote code execution, and execution of arbitrary commands. This exploitation enables Clop to steal sensitive data and can potentially lead to ransomware attacks. Clop's campaign against Cleo systems has resulted in a large number of victims and is expected to continue, highlighting the significant risk to organizations using these file transfer platforms. The campaign underscores the importance of promptly applying patches and strengthening security controls.
