Cl0p claimed responsibility for targeting companies using unpatched versions of Cleo's MFT products in December 2024.

Cl0p was the most active threat group in February 2025, responsible for 37% of attacks.

Cl0p was responsible for 330 attacks in February 2025, a 460% increase from January (59).