Threat Intel Content Update: 12/23/24

  • December 23, 2024

Cleo MFT Mass Zero-Day Exploitation, SafePay Ransomware

Threat Content Highlights

Threat Profiles, Objects, & Tags

    • “Trending & Emerging Threats” weekly update: Cleo MFT Mass Zero-Day Exploitation
      • Threat Profile updated following initial release last week. Actors continue to perform mass exploitation of zero-day vulnerabilities (CVE-2024-55956 & CVE-2024-50623) in Cleo managed file transfer ("MFT") products.

      • 12/23/2024: Additional Technique and Software Relationships added to the Cleo Exploits Campaign object based on review of additional threat reporting. FIN11 (Group) and Cobalt Strike (Software) added to the Threat Profile based on recent indications from Mandiant that the Cl0p extortion group is linked to this mass exploitation activity.

    • Monthly Threat Profile updates: “Major & Emerging Ransomware & Extortion Threats” and “Tidal Trending Techniques”
       
      • New content added for SafePay Ransomware, a newcomer to the trending ransomware profile. The group ranked fourth in terms of claimed victims last month (32) and has been seen using various legitimate tools ahead of its main objective of encrypting victim systems.