Cleo Warns of Widespread Cyberattack Affecting Multiple Industries
Cleo, a leading provider of managed file transfer software, has warned of a widespread cyberattack affecting multiple industries. The campaign bears similarities to previous attacks by the Clop group, targeting consumer products, food, trucking, and shipping sectors. Cleo has identified vulnerabilities that could lead to remote code execution and data theft.
The attack chain can be mitigated by disabling Cleo's Autorun Directory. Cleo has also released an advisory urging customers to upgrade to version 5.8.0.21; however, that patch has proven insufficient against active exploits. In line with Rapid7's recommendations, affected businesses are advised to remove impacted products from the public internet and ensure they sit behind a firewall.
Security researchers have sounded the alarm on a zero-day vulnerability in Cleo's software that has been exploited in the wild since at least December 3, 2024, with at least 10 businesses compromised so far. Cleo has since identified another vulnerability (CVE pending) that could lead to remote code execution, affecting the Cleo Harmony, VLTrader, and LexiCom products.
Cleo customers are urged to review the published indicators and investigate their environments for suspicious activity. The company has released a patch, but its effectiveness against active exploits is uncertain, so affected businesses should take immediate action to secure their systems and protect sensitive data.