59 organizations reportedly victim to breaches caused by Cleo software bug

  • At press time, Cleo’s LexiCom, VLTransfer and Harmony contain a bug it disclosed in October 2024
  • Threat actors were first observed to be exploiting it in December 2024
  • Ransomware group Clop has claimed 59 victims on its leak site, though some are disputing any intrusion

Clop, the Russian state-linked ransomware group, has now claimed to have hacked 59 companies after exploiting a known bug in a number of file transfer applications developed by software house Cleo.

The flaw, CVE-2024-50623, affects Cleo’s LexiCom, VLTransfer and Harmony software and enables remote code execution. It was first disclosed on October 30, 2024. Clop later published the list of victims on its dark web site, though many are denying that a breach has taken place.

Clop claims to have issued intrusion notices to its victims, including Cleo itself, on its own website, and says that impacted companies are refusing to submit to ransom demands.

Cleo RCE bug impact

Przemyslaw Jedrysik, a spokesperson for German manufacturer Covestro, was one of the few willing to reveal the extent of the intrusion to TechCrunch.

He disclosed unauthorized access by Clop to a US logistics server, and said the company has since “taken measures to ensure system integrity, enhance security monitoring and proactively notify customers”. He also claimed that information on this server wasn’t of a sensitive nature.

Spokespeople for several companies including car rental firm Hertz and Australian logistics company Linfox have, however, explicitly denied intrusions in statements to TechCrunch.

Clop also listed software supply chain enterprise Blue Yonder as a victim, though, at press time, the company hasn’t issued any cybersecurity incident updates since December 12, 2024. However, a spokesperson did say in a statement to TechCrunch that Blue Yonder does use Cleo software, and that it was investigating potential unauthorized access to its servers.

The group is claiming it’ll disclose more of its victims in this attack on January 21, 2025, though the true scale of the attack remains unclear.

Luke Hughes
Staff Writer

 Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.
