Security News > 2023 > February > Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT
A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild.
The vulnerability is a case of remote code injection that requires access to the administrative console of the application, making it imperative that the systems are not exposed to the public internet.
According to security researcher Kevin Beaumont, there are over 1,000 on-premise instances that are publicly accessible over the internet, a majority of which are located in the U.S. "The Fortra advisory Krebs quoted advises GoAnywhere MFT customers to review all administrative users and monitor for unrecognized usernames, especially those created by system," Rapid7 researcher Caitlin Condon said.
"The logical deduction is that Fortra is likely seeing follow-on attacker behavior that includes the creation of new administrative or other users to take over or maintain persistence on vulnerable target systems."
There is no patch currently available for the zero-day vulnerability, although Fortra has released workarounds to remove the "License Response Servlet" configuration from the web.
Vulnerabilities in file transfer solutions have become appealing targets for threat actors, what with flaws in Accellion and FileZen weaponized for data theft and extortion.
News URL
https://thehackernews.com/2023/02/warning-hackers-actively-exploiting.html
Related news
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025 (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)