Cleo’s trojan horse. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 8 February 2025

⏱️ 19 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Mark Manglicmot, SVP of Security Services from Arctic Wolf, is sharing their research on "Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software." Arctic Wolf Labs discovered an ongoing exploitation campaign targeting Cleo Managed File Transfer (MFT) products, beginning on December 7, 2024. Threat actors used a malicious PowerShell stager to deploy a Java-based backdoor, dubbed Cleopatra, which features in-memory file storage and cross-platform compatibility across Windows and Linux. Despite Cleo's previous patch for CVE-2024-50623, attackers appear to have leveraged an alternative access method, exploiting the software's autorun feature to execute payloads and establish persistent access. The research can be found here: Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:09.5	And now a message from our sponsor, Z-Scaler, the leader in cloud security.
0:17.2	Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024.
0:31.1	These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors,
0:38.0	more easily than ever, with AI tools.
0:40.9	It's time to rethink your security.
0:43.4	Z-scaler Zero Trust Plus AI stops attackers
0:47.0	by hiding your attack surface,
0:49.3	making apps and IPs invisible,
0:51.7	eliminating lateral movement,
0:53.5	connecting users only to specific apps, not the
0:56.5	entire network, continuously verifying every request based on identity and context, simplifying security
1:03.8	management with AI-powered automation, and detecting threats using AI to analyze over 500 billion
1:10.7	daily transactions.
1:12.6	Hackers can't attack what they can't see.
1:14.8	Protect your organization with Z-Scaler, Zero Trust, and AI.
1:19.6	Learn more at Z-scaler.com slash security.
1:27.1	Music Hello, everyone, and welcome to the CyberWires Research Saturday. I'm Dave Bittner, and this is our weekly
1:40.8	conversation with researchers and analysts tracking down the threats and vulnerabilities,
1:46.0	solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.
1:52.0	Thanks for joining us.
1:59.0	On December 10th, Article F Labs, threat intelligence team uncovered some novel threat intelligence
	...

Transcript will be available on the free plan in -6 days. Upgrade to see the full transcript now.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.