Pierluigi Paganini
October 12, 2025
The Clop Ransomware group announced the hack of the prestigious Harvard University. The cybercrime group created a page for the university on its Tor data leak site and announced it will leak the stolen data soon.
“PAGE CREATED, DATA ARCHIVING IS IN PROGRESS… A TORRENT LINK WILL BE AVAILABLE SOON … !!!” reads the announcement on its leak site.
“The company doesn’t care about its customers, it ignored their security!!!”
Clop (aka Cl0p) is a prolific Russian-speaking ransomware-as-a-service group specializing in big-game hunting and double-extortion.
The Clop ransomware group first appeared on the threat landscape around February 2019, emerging from the TA505 cybercrime group, a financially motivated gang active since at least 2014.
Like other Russia-based threat actors, Clop avoids targets in former Soviet countries and its malware can’t be activated on a computer that operates primarily in Russian.
Operators and affiliates identify high-value targets, steal sensitive data, encrypt networks, then publish stolen files on data-leak sites to pressure victims into paying. Clop exploits zero-days and vulnerable third-party software (e.g., MOVEit, GoAnywhere, Oracle EBS), leverages initial-access brokers and automation, and uses sophisticated evasion and lateral-movement techniques to maximize impact and monetization.
Clop’s victims include Shell, British Airways, Bombardier, University of Colorado, PwC, and the BBC.
The group conducted major campaigns including:
- MOVEit Transfer (2023): One of the largest ransomware campaigns in history, impacting hundreds of companies worldwide, including US and European firms, through an SQL injection zero-day (CVE-2023-34362).
- Accellion FTA (2020–2021): Exploited a zero-day in the file-transfer appliance to steal data from ~100 organizations.
- GoAnywhere MFT (2023): Targeted a flaw (CVE-2023-0669) to compromise over 130 organizations.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Harward)
clop ransomware
Cybercrime
Hacking
hacking news
Harvard University
information security news
IT Information Security
malware
Pierluigi Paganini
Security Affairs
Security News
