The Clop ransomware gang claims to have compromised more than 130 organizations by exploiting a zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer tool, tracked as CVE-2023-0669, BleepingComputer reports.
Clop said it breached several vulnerable servers during a 10-day period, allowing the theft of data, but declined to give more details regarding the attacks. Despite the lack of any confirmation from Fortra, Huntress Threat Intelligence Manager Joe Slowik has linked the attacks to TA505, which has leveraged Clop ransomware in previous attacks.
"Based on observed actions and previous reporting, we can conclude with moderate confidence that the activity Huntress observed was intended to deploy ransomware, with potentially additional opportunistic exploitation of GoAnywhere MFT taking place for the same purpose," said Slowik.
Ongoing exploitation of the vulnerability prompted its addition to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities Catalog on Friday, with federal agencies urged to remediate vulnerable systems by March 3.
Over 130 orgs compromised via GoAnywhere zero-day