
US cereal giant Kellogg's has alerted employees and vendors that company data was breached following a cyber attack by the criminal gang Cl0p.
Cl0p is a Russian-speaking ransomware gang that uses a ransomware-as-a-service (RaaS) model of attack where malicious actors rent their malware for a share of the profits.
Data was breached during December 2024 when attackers targeted a vulnerability in Cleo file transfer software.
Zero Day Vulnerabilities Exploited
Cl0p targeted Cleo with a zero-day attack. Zero-day vulnerabilities are software flaws that are unknown to the vendor (in this case, Cleo) and for which no patch or fix exists at the time of exploitation. The term "zero-day" refers to the fact that the vendor has had zero days to address the vulnerability.
Because these vulnerabilities are unknown, Cl0p was able to leverage them to gain unauthorized access to Cleo's systems before Cleo or the wider security community was even aware of the weaknesses.
The criminal group specifically exploited two vulnerabilities: CVE-2024-50623, an unrestricted file upload and download vulnerability, and CVE-2024-55956, which allows unauthenticated command execution.
After learning of the attack, Kellogg's states that it immediately contacted Cleo. After an investigation, Cleo confirmed that an unauthorized party was able to access servers Cleo hosted that were used for transferring employee files to human resources service vendors on December 7, 2024.
Cleo was able to provide a list of the files that were on the involved servers. The files were reviewed, and it was determined that they contained the name and Social Security number of one Maine resident, who had been informed.
The corporation has offered the affected party one year of complimentary credit monitoring and identity protection services. It has also established a dedicated call center to answer questions that others may have about the incident.