The Clop ransomware group, also known as Cl0p, has launched a new extortion campaign aimed at Gladinet CentreStack file servers that are exposed to the internet.
Gladinet CentreStack is a file-sharing solution that allows organizations to securely access and share files stored on on-premises servers through web browsers, mobile applications, and mapped drives—without the need for a VPN. According to Gladinet, CentreStack “is used by thousands of businesses from over 49 countries.”
Since April, Gladinet has issued multiple security patches to fix several vulnerabilities that were actively exploited in attacks, including some zero-day flaws.
Threat actors linked to the Clop cybercrime operation are now actively scanning for CentreStack servers accessible online and breaching vulnerable systems. Curated Intelligence confirmed to BleepingComputer that attackers are leaving ransom notes on compromised servers.
At present, the exact vulnerability being used in these intrusions remains unknown. It is unclear whether Clop is exploiting a previously undisclosed zero-day flaw or taking advantage of an older vulnerability that has not yet been patched by affected organizations.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: