Cleo Urges Customers to Apply Immediate Patch Due to Exploited Malware Vulnerability

A vulnerability in Cleo’s file sharing products has been exploited by hackers, compromising dozens of organizations, including those in consumer products, shipping, and retail supply industries. The company has urged customers to apply a new patch immediately to address the issue.

Cleo Harmony, VLTrader, and LexiCom are affected, with systems still vulnerable even after applying the initial fix. Researchers from Huntress discovered that the bug, tagged as CVE-2024-50623 in October, was being used by cybercriminals to breach organizations.

A new patch has been released to resolve the issue, and customers are advised to block a set of IP addresses seen exploiting the bug. The affected organizations have mostly been hit with reconnaissance attacks, without ransomware or explicit data theft.

Cybersecurity experts believe that the attackers may be a sophisticated group with intimate knowledge of Cleo software. However, it is unclear if the faulty patch and current vulnerability are separate issues. Huntress has identified a new malware family, Malichus, being deployed by hackers exploiting the Cleo bug.

The Termite ransomware gang took credit for the attack on Blue Yonder, a software company hit with a pre-Thanksgiving ransomware attack that impacted dozens of downstream retailers. Cybersecurity firms have observed mass exploitation campaigns using Cleo Managed File Transfer products and noted similar activity from Clop, another ransomware gang.

While some enterprises in the food sector may be affected by this vulnerability, experts believe that the industry has caught up to this threat quickly enough to prevent widespread disruptions. The Food and Agriculture Information Sharing and Analysis Center is monitoring the situation closely and providing mitigation guidance to its members.

Source: https://therecord.media/cleo-urges-customers-to-immediately-patch-systems-after-exploitation