Cybercrime Group
Cl0p
Russia • Active since 2019
Cl0p is a ransomware gang that became famous for hacking file transfer software used by thousands of companies. When they find one bug, they can hack hundreds of companies at once.
Overview
Cl0p is a ransomware operation known for mass exploitation of zero-day vulnerabilities in file transfer software. They have exploited MOVEit, GoAnywhere, and Accellion FTA vulnerabilities.
Also Known As
TA505 affiliate, FIN11, Lace Tempest
Target Industries
All Industries, Healthcare, Finance, Government, Education
Target Regions
Global
Tactics, Techniques & Procedures
- Zero-day exploitation
- Mass exploitation campaigns
- File transfer software targeting
- Data extortion without encryption
- Automated victim processing
Known Tools & Malware
Cl0p ransomware, DEWMODE, FlawedGrace, SDBOT, Custom exploits
Notable Campaigns
MOVEit Transfer Exploitation (2023)
Exploited MOVEit zero-day affecting 2,500+ organizations.
GoAnywhere MFT Exploitation (2023)
Exploited GoAnywhere zero-day affecting 130+ organizations.
MITRE ATT&CK Techniques
T1190, T1486, T1567, T1078, T1059
Defense Recommendations
1. Patch file transfer software immediately
2. Inventory all file transfer applications
3. Implement network segmentation for file transfers