The Cl0p ransomware group has claimed responsibility for exploiting vulnerabilities in Cleo file transfer products, specifically CVE-2024-55956, which allows unauthenticated remote code execution. The attacks, which began in December, aim to steal files from organizations using the vulnerable software. While Cl0p is believed to be behind the attacks, the possibility of multiple threat groups involved remains.