Clop ransomware campaign targeting Gladinet CentreStack servers
Campaign
Summary
Hide ▲
Show ▼
The Clop/Cl0p ransomware gang is running a data theft extortion campaign against Internet-exposed Gladinet CentreStack file servers, raising the risk of compromise for organizations using the service. Investigators say the operators are scanning and breaching exposed servers and leaving ransom notes on compromised systems, with the exploitation vector still unknown. The scope may be broad because CentreStack is used by thousands of businesses across 49+ countries.
Related Happenings
Gladinet CentreStack and Triofox hardcoded AES keys RCE flaw
Vulnerability
First: 11.12.2025 23:49
Last: 11.12.2025 23:49
Sources 1
About this happening:
A new **Gladinet CentreStack** and **Triofox** vulnerability in the products' custom AES implementation is being **actively exploited** to recover **hardcoded cryptographic keys**...
Gladinet CentreStack and Triofox hardcoded AES keys RCE flaw
VulnerabilityAbout this happening: A new **Gladinet CentreStack** and **Triofox** vulnerability in the products' custom AES implementation is being **actively exploited** to recover **hardcoded cryptographic keys**...
Timeline
-
18.12.2025 22:16 2 articles · 5mo ago
Clop targets Gladinet CentreStack file servers
Initial DisclosureClop/Cl0p is running a new data theft extortion campaign against Internet-exposed Gladinet CentreStack file servers, with Curated Intelligence saying incident responders encountered the campaign, port-scan data showing at least 200+ unique IPs with the CentreStack - Login HTTP Title, and compromised servers leaving ransom notes behind. The exploitation vector is still unknown, with no confirmed CVE yet and uncertainty over whether the access path is an n-day or zero-day flaw.
Show sources
- Clop ransomware targets Gladinet CentreStack in data theft attacks — www.bleepingcomputer.com — 18.12.2025 22:16
- Clop ransomware targets Gladinet CentreStack in data theft attacks — www.bleepingcomputer.com — 18.12.2025 22:16