Blue Yonder, the availability chain administration large that was hit by a ransomware assault final month that brought about ripples all through the retail sector, mentioned it’s investigating claims of information theft made by a ransomware gang on Christmas Eve.
The Clop ransomware operation mentioned it stole info from Blue Yonder and dozens of different corporations by way of a recently-discovered zero-day vulnerability in file sharing software program from an organization named Cleo.
The gang made a number of threats towards Blue Yonder and mentioned they weren’t responding to extortion makes an attempt.
The Panasonic-owned firm mentioned it has no cause to imagine the latest claims are linked to final month’s ransomware assault, which brought about disruptions at Starbucks, BIC and a number of other main grocery store manufacturers.
In a press release to Recorded Future Information, a Blue Yonder spokesperson acknowledged that the corporate makes use of Cleo to handle sure file transfers and has utilized the patch for the vulnerability.
“Like many Cleo clients throughout the globe, we’re at the moment investigating any potential influence of this matter on our enterprise and can present an applicable replace to our clients when we have now further info,” the spokesperson mentioned.
“We’ve no cause to imagine the Cleo vulnerability is linked to the cybersecurity incident we skilled in November.”
The spokesperson declined to reply a number of questions on potential ties between the 2 incidents and whether or not a ransom has been issued for both. A comparatively new ransomware operation named Termite took credit score for the November ransomware assault on Blue Yonder, which gives digital provide chain instruments to a number of the largest corporations on the planet.
The assault disrupted a back-end Starbucks course of that manages how workers view and handle their schedules, and see the variety of hours folks labored. A number of main grocery store manufacturers within the U.Ok. and producers within the U.S. like pen-maker BIC reported manufacturing points associated to the assault.
Practically all buyer programs have since been restored however the Termite gang claimed it stole 680 GB of information that features emails, insurance coverage paperwork, firm knowledge and extra.
Blue Yonder was acquired by Panasonic in 2021 for about $8.5 billion and gives programs for achievement, supply and returns for greater than 3,000 main corporations throughout 76 nations.
Cleo vs. Clop
Simply two weeks after the Blue Yonder ransomware incident in November, file switch software program firm Cleo warned clients {that a} vulnerability in three of its hottest merchandise was being abused by hackers.
The Clop ransomware gang finally took credit score for exploiting the bug — including one more file switch large to its checklist of victims. In whole, Clop named 66 organizations that had info stolen by way of the Cleo file switch software program.
Blue Yonder is at the moment the one firm Clop named totally as a part of the Cleo leaks — the opposite names of sufferer organizations are partially obscured. A number of of the businesses that may very well be gleaned from the checklist have been contacted however didn’t reply to requests for remark.
Cleo is the fourth file switch software to be exploited by Clop after world knowledge theft campaigns focusing on MOVEit, GoAnywhere and Accellion. In every of the assaults, the group usually focuses on stealing knowledge held within the file switch software program and promoting that for a ransom versus the everyday try and shut down or harm a corporation’s units or programs.
The latest Clop marketing campaign towards MOVEit had world implications, impacting a number of U.S. federal departments, governments and Fortune 500 corporations.
Cybersecurity agency Emsisoft estimates that 2,773 organizations have been impacted by the assaults on MOVEit, and the information of almost 96 million folks have been uncovered and stolen by the group behind the exploitation.
Clop is estimated to have earned wherever from $75 million to $100 million simply from ransoms through the MOVEit marketing campaign.
Recorded Future
Intelligence Cloud.
Be taught extra.
![JOB POST: Transactions – Projects & Energy Team at Sidebar, Noida [4-10 PQE; Offline]: Apply Now!](https://i0.wp.com/cdn.lawctopus.com/wp-content/uploads/2025/08/Sidebar.jpg?w=120&resize=120,86&ssl=1)
