Termite Ransomware Zero-Day Attacks
Threat Content Highlights
- New “Trending & Emerging Threats” Tidal-curated Threat Profile update for the week: Termite Ransomware Zero-Day Attacks
- Actors were observed exploiting vulnerabilities (CVE-2024-55956 & CVE-2024-50623) in Cleo managed file transfer ("MFT") products. These products are used by more than 4,000 customers, especially in retail but also a variety of other industries, underscoring the size & breadth of the potential attack surface.
- Researchers drew comparisons to a campaign in mid-2023, where Clop ransomware operators used a zero-day exploit to compromise a different MFT solution (MOVEit), exposing potentially millions of records associated with numerous prominent brands. This Threat Profile features a new Campaign object with the Technique relationships related to observed Cleo software exploit attacks and associated tools. News reports linked the attacks to Termite actors, and our Termite Ransomware object is also included here for context (but note: reporting to date has not indicated that the ransomware binary itself was observed during the recent attacks).