Microsoft analysts report that last month the notorious hacker group FIN7 (also known as Carbanak, Navigator and others) resumed its activity. The researchers were able to link FIN7 to attacks whose ultimate goal was to deploy the Clop ransomware on victims’ networks. FIN7 Cybercrime Group Goes On Let me remind you that we also wrote… Continue reading FIN7 Hack Group Resumed Activity, Linked to Clop Ransomware
Tag: Clop
Clop and LockBit Ransomware Exploit Fresh Vulnerabilities in PaperCut
Microsoft has linked recent attacks on PaperCut servers to ransomware operations by Clop and LockBit, which used vulnerabilities to steal corporate data. In March 2023, print management solutions provider PaperCut fixed vulnerabilities CVE-2023-27350 (9.8 out of 10 on the CVSS scale, equalling the recently-discovered MSMQ vulnerability) and CVE-2023-27351 (8.2 out of 10). on the CVSS… Continue reading Clop and LockBit Ransomware Exploit Fresh Vulnerabilities in PaperCut
Clop Operators Claim to Hack 130 Organizations Using GoAnywhere MFT Bug
Clop ransomware operators claim to be behind recent attacks on a 0-day vulnerability in the GoAnywhere MFT secure file transfer tool. Hackers claim that thanks to this bug they stole the data of 130 organizations. We also reported that Exploits for Vulnerabilities in Three Popular WordPress Plugins Appeared on the Network. As a reminder, GoAnywhere… Continue reading Clop Operators Claim to Hack 130 Organizations Using GoAnywhere MFT Bug
Raspberry Robin Worm Operators Now Trade Access
Microsoft researchers reported that the operators of the hack group, which they track under the ID DEV-0950, used the Clop ransomware to encrypt the network of a victim previously infected with the Raspberry Robin worm. Let me remind you that the first Raspberry Robin malware was found by analysts from Red Canary. In the spring… Continue reading Raspberry Robin Worm Operators Now Trade Access
LockBit Weaponizes Its Victims’ Clients – Brett Callow
Brett Callow, a cybersecurity analyst at Emsisoft, shared information on his Twitter about the broadened tactics the LockBit ransomware group applies to its victims. Imagine a firm gets attacked by ransomware. It is not a novelty that, besides encrypting the data belonging to the company (to demand ransom for giving the data back,) the crooks… Continue reading LockBit Weaponizes Its Victims’ Clients – Brett Callow
Clop ransomware exploits vulnerability in SolarWinds Serv-U
The NCC Group warns of a spike of Clop ransomware attacks (hack group also known as TA505 and FIN11), which exploits a vulnerability in SolarWinds Serv-U. Most of them start off by exploiting the CVE-2021-35211 bug in Serv-U Managed File Transfer and Serv-U Secure FTP. This issue allows a remote attacker to execute commands with… Continue reading Clop ransomware exploits vulnerability in SolarWinds Serv-U
Clop ransomware continues to work even after a series of arrests
The media reported that Clop ransomware continues to work: its operators have again begun posting data stolen from victims on their website. The fact is that last week, as a result of a joint operation carried out with the assistance and coordination of Interpol by the law enforcement agencies of Ukraine, South Korea and the… Continue reading Clop ransomware continues to work even after a series of arrests
Cyber police of Ukraine arrested persons linked with the Clop ransomware
As a result of a joint operation carried out with the assistance and coordination of Interpol by law enforcement agencies and the cyber police of Ukraine, South Korea and the United States, six suspects linked with the notorious Clip ransomware were arrested. Sources close to the investigation told The Record that South Korean police launched… Continue reading Cyber police of Ukraine arrested persons linked with the Clop ransomware