Security News > 2023 > April > Fortra shares findings on GoAnywhere MFT zero-day attacks

Fortra shares findings on GoAnywhere MFT zero-day attacks
2023-04-19 19:06

Fortra has completed its investigation into the exploitation of CVE-2023-0669, a zero-day flaw in the GoAnywhere MFT solution that the Clop ransomware gang exploited to steal data from over a hundred companies.

The critical GoAnywhere remote code execution flaw became publicly known after Fortra notified customers on February 3rd, 2023.

Fortra released the security update for the zero-day vulnerability a day later, urging all customers to install it.

On February 10th, 2023, the Clop ransomware gang told BleepingComputer that it had managed to steal the data for 130 companies by exploiting the bug in GoAnywhere MFT. Despite numerous attempts by BleepingComputer to contact Fortra about the reported attacks and extortion attempts, the software vendor did not respond.

As the investigation continued, Fortra discovered that the same flaw had been leveraged against on-premise customers running a specific configuration of the GoAnywhere MFT, moving the first signs of exploitation back to January 18th, 2023.

Fortra says that it has helped and guided all customers directly impacted by these attacks on how to secure their instances and configure their GoAnywhere MFT securely.


News URL

https://www.bleepingcomputer.com/news/security/fortra-shares-findings-on-goanywhere-mft-zero-day-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-02-06 CVE-2023-0669 Deserialization of Untrusted Data vulnerability in Fortra Goanywhere Managed File Transfer
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
network
low complexity
fortra CWE-502
7.2