Clop
High Confidence • Critical Threat
Cl0p • TA505 • FIN11 • GOLD TAHOE
Clop is a ransomware operation that has been active since at least 2019, known for its double extortion tactics and high-profile supply chain attacks. The group gained significant notoriety for exploiting zero-day vulnerabilities in file transfer solutions, including Accellion FTA, GoAnywhere MFT, and MOVEit Transfer, affecting hundreds of organizations in single campaigns. Clop's operations have resulted in billions of dollars in damages and the exposure of sensitive data from government agencies, healthcare organizations, and financial institutions worldwide.
Target Sectors
Target Regions
Attributed to Cybercriminal (No State Sponsor) (Russia). Attribution confidence: High.
Future Outlook
Clop is expected to continue operations targeting all sectors.
First observed activity of Clop
Continued active operations