Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again

2 mn read

Security researchers are warning that hackers are actively exploiting another high-risk vulnerability in a popular file transfer technology to launch mass hacks. 

The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based enterprise software company Cleo, according to researchers at cybersecurity company Huntress. 

The flaw was first disclosed by Cleo in a security advisory on October 30 which warned that exploitation could lead to remote code execution. It affects ​​Cleo’s LexiCom, VLTransfer, and Harmony tools, which are commonly used by enterprises to manage file transfers.

Cleo released a patch for the vulnerability in October, but in a blog on Monday Huntress warned that the patch does not mitigate the software flaw.

Huntress security researcher John Hammond said the company has observed threat actors “exploiting this software en masse” since December 3. He told TechCrunch in a statement on Tuesday that Huntress – which protects more than 1,700 Cleo LexiCom, VLTransfer, and Harmony servers – has discovered at least 24 businesses whose servers were compromised. 

“Victim organizations so far have included various consumer product companies, logistics and shipping organizations, and food suppliers,” wrote Hammond, adding that many other customers are at risk of being hacked.

Shodan, a search engine for publicly available devices and databases, lists hundreds of vulnerable Cleo servers, the majority of which are located in the U.S.

Cleo has more than 4,200 customers, including U.S. biotechnology company Illumina, sports footwear giant New Balance, and Dutch logistics firm Portable.

Huntress has not yet identified the threat actor behind these attacks and it’s not known whether any data has been stolen from impacted Cleo customers.

However, Hammond noted that the company has observed hackers performing “post-exploitation activity” after compromising vulnerable systems.

In an emailed statement given to TechCrunch, Jorge Rodriguez, SVP of product Development at Cleo, said that a patch for the critical vulnerability is “under development.” Huntress recommends that Cleo customers move any internet-exposed systems behind a firewall until a new patch is released.

Rodriguez declined to how many customers had been impacted or whether it was aware of any data exfiltration.

Enterprise file transfer tools are a popular target among hackers and extortion groups. Last year, the Russia-linked Clop ransomware gang claimed thousands of victims by exploiting a zero-day vulnerability in Progress Software’s MOVEit Transfer product. The same gang had previously taken credit for the mass exploitation of a vulnerability in Fortra’s GoAnywhere managed file transfer software, which was used to target more than 130 organizations. 

Leave a Reply

Interesting media and relevant content those who seek to rise above the ordinary.

Discover Xiarra Media

We’re an author oriented platform for interesting media and content. A place where your opinions matter. Start with Xiarra Media to discover your information needs community stories.

Build relationships

Connect with like minds as well as differing viewpoints while exploring all the content from the Xiarra community network. Forums, Groups, Members, Posts, Social Wall and many more. Boredom is not an option!

Join Xiarra Today!

Get unlimited access to the best articles on Xiarra Media and/or support our  cohort of authors. Upgrade Now

©2024 XIARRA MEDIA