The Clop ransomware gang is actively targeting exposed Gladinet CentreStack file servers, compensating their data theft with extortion tactics. This campaign follows previous attacks exploiting vulnerabilities in various file-sharing platforms, including Oracle EBS. #Clop #GladinetCentreStack
Keypoints
- Clop is scanning and breaching publicly exposed CentreStack servers for data theft.
- The attack involves leaving ransom notes on compromised systems, though the vulnerability exploited is unknown.
- Gladinet CentreStack serves thousands of businesses across more than 49 countries, making it a valuable target.
- Clop has a history of attacking file transfer services like Accellion and MOVEit Transfer, exposing many organizations worldwide.
- Recent campaigns include exploiting a zero-day in Oracle EBS, affecting prominent organizations such as Harvard and The Washington Post.