Clop Ransomware Actors Exploiting Latest 0-Day Exploits

Source: Cyber Security News

Cl0p is recognized as one of the most dangerous ransomware threats, primarily targeting corporate and private networks globally while avoiding CIS countries. The group's recent activity is marked by sophisticated exploitation techniques, in particular its exploitation of the critical vulnerability CVE-2025-61882 in Oracle E-Business Suite (EBS), an application crucial for enterprise operations.

Activity around this vulnerability, noted in June 2025, has escalated in recent months. Analysts observed a significant breakthrough in Cl0p's attack strategy, which is characterized by deliberate infrastructure reuse. Notably, 41 subnet IPs used in the current Oracle EBS attacks were also used in earlier campaigns, such as the one against the MOVEit vulnerability (CVE-2023-34362). This indicates a tactical approach to maintaining operational efficiency while complicating detection efforts.

The geographic distribution of Cl0p’s infrastructure is also worth highlighting, with notable activity from Russia, Germany, Brazil, and Panama. This pattern, combined with their use of sophisticated networking techniques, underscores Cl0p’s effectiveness as a leading ransomware operation in today’s cybersecurity threat landscape.
