Security News > 2023 > April > Fortra shares findings on GoAnywhere MFT zero-day attacks
Fortra has completed its investigation into the exploitation of CVE-2023-0669, a zero-day flaw in the GoAnywhere MFT solution that the Clop ransomware gang exploited to steal data from over a hundred companies.
The critical GoAnywhere remote code execution flaw became publicly known after Fortra notified customers on February 3rd, 2023.
Fortra released the security update for the zero-day vulnerability a day later, urging all customers to install it.
On February 10th, 2023, the Clop ransomware gang told BleepingComputer that it had managed to steal the data for 130 companies by exploiting the bug in GoAnywhere MFT. Despite numerous attempts by BleepingComputer to contact Fortra about the reported attacks and extortion attempts, the software vendor did not respond.
As the investigation continued, Fortra discovered that the same flaw had been leveraged against on-premise customers running a specific configuration of the GoAnywhere MFT, moving the first signs of exploitation back to January 18th, 2023.
Fortra says that it has helped and guided all customers directly impacted by these attacks on how to secure their instances and configure their GoAnywhere MFT securely.
News URL
Related news
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-06 | CVE-2023-0669 | Deserialization of Untrusted Data vulnerability in Fortra Goanywhere Managed File Transfer Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. | 7.2 |