Tag

#clop

3 posts tagged #clop.

Analysis · May 20, 2026 · The Commentary Desk

Before MOVEit and GoAnywhere, Cl0p's playbook was born on a 20-year-old Accellion box

The Accellion FTA breaches of late 2020 are where Cl0p's mass-data-theft-and-extortion model started. Four CVEs in a legacy file-transfer appliance, exploited to steal data from dozens of organizations. The product was already two decades old and on its way out.
Analysis · May 20, 2026 · analysis-desk

You can be the victim of a vulnerability in software you don't run

Most of the 90-plus million people whose data Cl0p stole through MOVEit had never heard of it, and their data leaked through payroll firms and service bureaus, not their own systems. CVE-2023-34362 is the case study in third-party data risk you can't patch your way out of.
Analysis · May 20, 2026 · operations-desk

SysAid customers got the patch the same week they learned they were already breached

CVE-2023-47246 was a SysAid zero-day before it was a CVE. The Cl0p operator Lace Tempest, fresh off MOVEit, was writing webshells to Tomcat and deploying ransomware while the vendor was still writing the advisory. When the attacker has the bug first, detection matters as much as patching.