The Clop ransomware group announced that it has hacked the prestigious Harvard University. The cybercrime group created a page for the university on its Tor data leak site and announced that it will leak the stolen data soon.
“PAGE CREATED, DATA ARCHIVING IS IN PROGRESS… A TORRENT LINK WILL BE AVAILABLE SOON … !!!” reads the announcement on its leak site.
“The company doesn’t care about its customers, it ignored their security!!!”
Clop (aka Cl0p) is a prolific Russian-speaking ransomware-as-a-service group specializing in big-game hunting and double-extortion.
The Clop ransomware group first appeared on the threat landscape around February 2019, emerging from the TA505 cybercrime group, a financially motivated gang active since at least 2014.
Like other Russia-based threat actors, Clop avoids targets in former Soviet countries and its malware can’t be activated on a computer that operates primarily in Russian.
Operators and affiliates identify high-value targets, steal sensitive data, encrypt networks, then publish stolen files on data-leak sites to pressure victims into paying. Clop exploits zero-days and vulnerable third-party software (e.g., MOVEit, GoAnywhere, Oracle EBS), leverages initial-access brokers and automation, and uses sophisticated evasion and lateral-movement techniques to maximize impact and monetization.
Clop’s victims include Shell, British Airways, Bombardier, University of Colorado, PwC, and the BBC.
The group conducted major campaigns including:
(SecurityAffairs – hacking, Harvard)