Particle.news

Hackers Exploit Cleo File Transfer Software Flaw in Ongoing Attacks

A critical vulnerability in Cleo's managed file transfer tools is being actively exploited, even on patched systems, compromising businesses across multiple industries.

  • The vulnerability, CVE-2024-50623, affects Cleo's LexiCom, VLTrader, and Harmony software, allowing remote code execution despite prior patches issued in October 2024.
  • Hackers began exploiting the flaw on December 3, 2024, with a significant increase in attacks observed by December 8, targeting at least ten organizations in sectors like consumer goods, logistics, and food supply.
  • Researchers have linked the attacks to IP addresses in Moldova, the Netherlands, Canada, Lithuania, and the United States, with evidence of post-exploitation activities such as data theft and persistent system access.
  • Security experts recommend moving Cleo systems behind firewalls, disabling the autorun feature, and monitoring for suspicious files and PowerShell commands until a new patch is released later this week.
  • Cleo’s software is used by over 4,000 companies worldwide, including major retailers and logistics firms, raising concerns about the potential scale of the compromise.