CyberWire Daily

Cleo’s trojan horse. [Research Saturday]

Feb 8, 2025

Mark Manglicmot, SVP of Security Services at Arctic Wolf, is a cybersecurity expert who dives into the Cleopatra mass exploitation campaign. He discusses the alarming use of a Java backdoor, which attackers deploy via PowerShell stagers, exploiting vulnerabilities in Cleo's MFT software. Mark highlights the ongoing challenges in cybersecurity, emphasizing the need for proactive measures and vigilance against evolving threats. He also stresses the importance of software updates and robust vulnerability management to fend off sophisticated tactics like those used in the Cleopatra campaign.

21:31

Creator website

Episode guests

Mark Manglicmot

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The Cleopatra exploitation campaign emphasizes the critical need for organizations to swiftly patch vulnerabilities and reassess their security protocols against evolving threats.

An alarming trend of attackers leveraging managed file transfer software showcases the heightened risks associated with interconnected systems and supply chain integrations.

Deep dives

Rising Threats and Vulnerabilities in Cybersecurity

Enterprises are increasingly facing grave cybersecurity challenges, as indicated by an 18% rise in ransomware attacks and record payouts reaching $75 million in 2024. Traditional security tools such as firewalls and VPNs are proving inadequate, often expanding an organization's attack surface and making it easier for bad actors to exploit weaknesses. These vulnerabilities are exacerbated by the growing presence of AI tools used by attackers, which enhance their capabilities to penetrate defenses. As a result, organizations need to rethink their security strategies, moving towards frameworks such as Zero Trust combined with AI to effectively safeguard their systems.

Intro

2min

Exploiting Zero-Day Vulnerabilities

8min

Proactive Measures in Cybersecurity Against Evolving Threats

3min

Enhancing Security in MFT Software

4min

Evolving Cyber Attack Tactics: The Cleopatra Campaign

3min

Mark Manglicmot, SVP of Security Services from Arctic Wolf, is sharing their research on "Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software." Arctic Wolf Labs discovered an ongoing exploitation campaign targeting Cleo Managed File Transfer (MFT) products, beginning on December 7, 2024. Threat actors used a malicious PowerShell stager to deploy a Java-based backdoor, dubbed Cleopatra, which features in-memory file storage and cross-platform compatibility across Windows and Linux.

Despite Cleo's previous patch for CVE-2024-50623, attackers appear to have leveraged an alternative access method, exploiting the software's autorun feature to execute payloads and establish persistent access.

The research can be found here:

Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software

Learn more about your ad choices. Visit megaphone.fm/adchoices

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

CyberWire Daily

Cleo’s trojan horse. [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Rising Threats and Vulnerabilities in Cybersecurity

The Cleopatra Campaign: Exploiting Managed File Transfer Software

Mitigation Strategies and Best Practices for Organizations

The research can be found here:

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

CyberWire Daily

Cleo’s trojan horse. [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Rising Threats and Vulnerabilities in Cybersecurity

The Cleopatra Campaign: Exploiting Managed File Transfer Software

Mitigation Strategies and Best Practices for Organizations

The research can be found here:

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights