Threat Monitor Annual Report 2023

CL0P

Figure 21: Total CL0P Attacks Month-on-Month 2022 vs 2023

Interestingly, as readers of our Monthly Threat Pulse will be aware, the seemingly random spikes in Figure 21 in fact reflect CL0P’s bespoke modus operandi (MO), which distinguishes them from the majority of other threat actors in the ransomware threat landscape. We can begin to outline that MO from two campaigns: the GoAnywhere MFT vulnerability (CVE-2023-0669), which they exploited on the 3rd of February and which significantly boosted their March figures, and the MOVEit Transfer vulnerability (CVE-2023-34362), which they exploited on the 31st of May and which affected their June and July figures.

CL0P has been present in the threat landscape for a long time, but their activity was particularly notable in 2023, when they were the third most active threat actor over the course of the year and, in some instances, the most prominent actor of the month. With a huge 609% increase from just 57 attacks in 2022, which was 2% of the year’s total, to a much more impactful 404 cases in 2023, which is 9% of the total, CL0P have evidently stepped up their game. Despite being completely inactive for 33% of the year (0 attacks) and conducting just 5 attacks or fewer per month for another 42%, they still managed to come in third, relying on their campaigns carried out in March, June, and July (also the months in which the group was in first position).
