Cyber Security News

U.S. Govt offers $10 Million Bounty on Info About Cl0p Ransomware Gang

In recent times, there have been several reports about the CL0P ransomware gang exploiting the MOVEit transfer application.

CISA and the FBI have published a Cybersecurity Advisory covering the CL0P ransomware gang’s TTPs (Tactics, Techniques, and Procedures), IoCs (Indicators of Compromise), and mitigations.

Based on the known information, the CL0P ransomware group has been targeting and exploiting an SQL injection vulnerability in the MOVEit File Transfer application (CVE-2023-3436).

Most of the exploitation targeted internet-facing MOVEit Managed File Transfer (MFT) deployments.

Modus Operandi of Ransomware Gang

CL0P acted as a Ransomware-as-a-Service (RaaS) operation and as an affiliate for other RaaS-based groups.

This threat actor acted as an Initial Access Broker (IAB) for other threat actors to enter the organization. This is typically done through a phishing campaign.

Between 2020 and 2021, they exploited many zero-day vulnerabilities in Accellion FTA servers and installed a web shell named DEWMODE.

At the start of this year, the threat actor (TA) exploited a zero-day vulnerability in the GoAnywhere MFT platform, affecting 130 victims in 10 days, a large impact for such a short period.

Their recent exploitation involved an SQL injection vulnerability in the MOVEit File Transfer application, which infected dozens of computers worldwide.

The list of malware exploited by the TA includes, 

CISA and the FBI jointly published a complete list of the exploitation methods, including TTPs, impact, IoCs, and other important information.


  • Review and monitor all remote access execution logs
  • Limit the use of RDP and other remote desktop services
  • Audit user accounts and their privileges
  • Implement time-based access
  • Disable hyperlinks in emails
  • Keep software up to date



Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
