Tootfinder

Opt-in global Mastodon full text search. Join the index!

@adulau@infosec.exchange
2025-07-01 09:46:49

The Python-based data-exfiltration utility used by the Cl0p ransomware group (commonly distributed as part of the toolset during the 2023–2024 MOVEit campaigns) constructs operating-system commands by directly concatenating attacker-supplied strings without input sanitization. An authenticated endpoint on the Cl0p operators’ staging/collection host passes file or directory names received from compromised machines straight into a shell-escape sequence. No official patch or cooperation from …