Cleopatra's Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A mass exploitation campaign targeting Cleo Managed File Transfer (MFT) products was observed in December 2024. The attackers exploited a zero-day vulnerability to deploy a Java-based backdoor dubbed Cleopatra. The campaign began on December 7 and is ongoing. The attack chain consists of an obfuscated PowerShell stager, a Java loader, and the Cleopatra backdoor. The backdoor runs on both Windows and Linux and includes features specifically for accessing data held within Cleo MFT software. Multiple IP addresses were used for command and control, while vulnerability scanning originated from only two IPs. The campaign appears opportunistic, affecting organizations across various industries. Affected Cleo products include Harmony, VLTrader, and LexiCom, and exploitation was observed even on patched versions.

OPENCTI LABELS:

cve-2024-50623, cleo mft, cleopatra
