Skip to main content
Cleo MFT Exploitation: Cl0p Data Theft (CVE-2024-50623) operation cover
COMING SOONIntermediate

Cleo MFT Exploitation: Cl0p Data Theft (CVE-2024-50623)

A Cleo Harmony managed file transfer server is compromised through an unauthenticated file-write vulnerability in its autorun directory (CVE-2024-55956). When the service restarts, the planted XML triggers a Java loader that stages a backdoor, provisions a rogue account, and streams stored transfer files to external infrastructure. Reconstruct the chain from the Cleo web logs, Windows event logs, and perimeter firewall.

50m
7 tasks
50 points
Free

Launches in 5 days

Jul 7, 2026

Tuesday, July 7, 2026 at 9:00 AM

Create your free account

Be ready the moment it drops — free forever.

Training Tools

SIEMFirewall

What you'll investigate

7 objectives unlock when this operation goes live.

1Find the entry point
2Identify the initial exploit source
3Name what was planted
4Trace the loader back to its origin
5Find the exfiltration destination
6Classify the persistence mechanism
7Classify the initial access technique

Be first when it launches

Create your free account now. The moment this operation goes live on Jul 7, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.

Get Started Free

No credit card required — free forever