Hackers are actively exploiting a high-risk vulnerability in a popular file transfer technology, putting thousands of enterprise customers at risk of remote code execution and data theft. The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based enterprise software company Cleo, according to researchers at cybersecurity company Huntress.

The flaw was first disclosed by Cleo in a security advisory on October 30, which warned that exploitation could lead to remote code execution. It affects Cleo's LexiCom, VLTransfer, and Harmony tools, which are commonly used by enterprises to manage file transfers. Despite Cleo releasing a patch for the vulnerability in October, researchers at Huntress warn that the patch does not mitigate the software flaw.

Huntress security researcher John Hammond said the company has observed threat actors "exploiting this software en masse" since December 3. He added that Huntress, which protects more than 1,700 Cleo LexiCom, VLTransfer, and Harmony servers, has discovered at least 10 businesses whose servers were compromised. The victim organizations so far have included various consumer product companies, logistics and shipping organizations, and food suppliers, with many other customers at risk of being hacked.

Shodan, a search engine for publicly available devices and databases, lists hundreds of vulnerable Cleo servers, the majority of which are located in the U.S. Cleo has more than 4,200 customers, including U.S. biotechnology company Illumina, sports footwear giant New Balance, and Dutch logistics firm Portable. The vulnerability's impact is significant, given the widespread use of Cleo's file transfer tools in enterprise environments.

Huntress has not yet identified the threat actor behind these attacks, and it's not known whether any data has been stolen from impacted Cleo customers. However, Hammond noted that the company has observed hackers performing "post-exploitation activity" after compromising vulnerable systems. This raises concerns about the potential for data breaches and further exploitation of compromised systems.

Cleo did not respond to TechCrunch's questions and has not yet released a patch that protects against the flaw. In the meantime, Huntress recommends that Cleo customers move any internet-exposed systems behind a firewall until a new patch is released. This underscores the importance of timely patching and proactive security measures to mitigate the risk of exploitation.

Enterprise file transfer tools have become a popular target among hackers and extortion groups. Last year, the Russia-linked Clop ransomware gang claimed thousands of victims by exploiting a zero-day vulnerability in Progress Software's MOVEit Transfer product. The same gang had previously taken credit for the mass exploitation of a vulnerability in Fortra's GoAnywhere managed file transfer software, which was used to target more than 130 organizations. This latest vulnerability highlights the ongoing threat to enterprise file transfer systems and the need for vigilance in protecting these critical assets.

The incident serves as a reminder of the importance of proactive security measures, timely patching, and robust vulnerability management. As the threat landscape continues to evolve, it's essential for enterprises to prioritize the security of their file transfer systems and stay ahead of potential threats. With the vulnerability still unpatched, the situation remains critical, and Cleo customers are advised to take immediate action to protect their systems.