Security News > 2023 > April > Fortra shares findings on GoAnywhere MFT zero-day attacks
Fortra has completed its investigation into the exploitation of CVE-2023-0669, a zero-day flaw in the GoAnywhere MFT solution that the Clop ransomware gang exploited to steal data from over a hundred companies.
The critical GoAnywhere remote code execution flaw became publicly known after Fortra notified customers on February 3rd, 2023.
Fortra released the security update for the zero-day vulnerability a day later, urging all customers to install it.
On February 10th, 2023, the Clop ransomware gang told BleepingComputer that it had managed to steal the data for 130 companies by exploiting the bug in GoAnywhere MFT. Despite numerous attempts by BleepingComputer to contact Fortra about the reported attacks and extortion attempts, the software vendor did not respond.
As the investigation continued, Fortra discovered that the same flaw had been leveraged against on-premise customers running a specific configuration of the GoAnywhere MFT, moving the first signs of exploitation back to January 18th, 2023.
Fortra says that it has helped and guided all customers directly impacted by these attacks on how to secure their instances and configure their GoAnywhere MFT securely.
News URL
Related news
- Google fixes two Android zero-days used in targeted attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-06 | CVE-2023-0669 | Deserialization of Untrusted Data vulnerability in Fortra Goanywhere Managed File Transfer Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. | 7.2 |