Cybergang Cl0p: Data allegedly leaked through Cleo security vulnerability

The criminal gang Cl0p has allegedly stolen data from many companies through a security vulnerability in the Cleo transfer software.

Computers in front of server cabinets with data leaks, surrounded by data thieves

(Image: created with AI in Bing Designer by heise online / dmk)


The criminal online gang Cl0p has allegedly struck again: the perpetrators have broken into many companies through a security gap in the data transfer software Cleo and copied sensitive data. They are threatening to publish it.

Excerpt from the list of companies from which Cl0p allegedly stole data.

(Image: Screenshot / dmk)

On its Darknet site, Cl0p lists 59 company domains from which it has allegedly accessed data through a security gap in Cleo. The criminals are threatening publication if the companies do not respond by Saturday, January 18, and enter into negotiations with Cl0p. They also announce that they will publish a new part of the company list on January 21.

According to Cl0p's darknet presence, the perpetrators are contacting the companies concerned. The best-known company on the list is apparently the car rental company Hertz. However, there is no indication of a data leak on the company's website so far. A response to an inquiry from heise online in this regard is still pending.


The security vulnerability in the Cleo data transfer software became known in December 2024. An update initially offered was intended to close it, but was ineffective. At the same time, it emerged that the security vulnerability was being actively attacked. Towards the middle of December, Cleo published an updated security notice and version 5.8.024 of the software, which was supposed to fix the vulnerability correctly.

Cl0p has not yet provided any evidence of the data thefts. However, this was also the case when Cl0p copied data from companies through vulnerabilities in MOVEit Transfer and later published it.

In mid-2023, the cyber gang Cl0p attracted attention by abusing security vulnerabilities in the MOVEit Transfer data transfer software from Progress to copy data from companies and blackmail them. Numerous well-known companies were among the victims of the criminal organization. In Germany, these included the AOK regional associations in particular; internationally, the BBC and British Airways were affected.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.