Clop ransomware is a high-profile, evolving threat that has compromised organizations across many industries worldwide. This financially motivated ransomware family has been linked to the GOLD TAHOE threat group, which uses malicious emails as its Initial Access Vector (IAV) to deliver Clop ransomware. In Clop incidents, GOLD TAHOE has also used the built-in Windows BITSAdmin tool to retrieve the TinyMet Meterpreter stager, abusing a legitimate system utility to evade security controls.
The Clop ransomware operation made headlines on April 10, 2023, when it leaked over 16,000 sensitive files of Tasmanian students. The compromised data included student assistance application data, financial invoices, and statements. Following this, the group claimed responsibility for exploiting a zero-day flaw in the MOVEit software, which led to the theft of sensitive data from high-profile organizations such as British Airways, Shell, and the U.S. Department of Energy.
The potency of Clop ransomware lies in its ability to adapt, changing tactics to bypass security measures and carry out high-impact attacks. Its notable activity includes the MOVEit mass-exploitation campaign and the theft of gigabytes of data from numerous companies, including Estée Lauder's archives. At the time of writing, the Clop ransomware group continues to publish stolen data, posing an ongoing threat to organizations globally.
Description last updated: 2023-08-23T19:35:00.081Z