Fortra shares findings on GoAnywhere MFT zero-day attacks (Security News, April 2023)
Fortra has completed its investigation into the exploitation of CVE-2023-0669, a zero-day flaw in the GoAnywhere MFT solution that the Clop ransomware gang exploited to steal data from over a hundred companies.
The critical GoAnywhere remote code execution flaw became publicly known after Fortra notified customers on February 3rd, 2023.
Fortra released the security update for the zero-day vulnerability a day later, urging all customers to install it.
On February 10th, 2023, the Clop ransomware gang told BleepingComputer that it had stolen data from 130 companies by exploiting the bug in GoAnywhere MFT. Despite numerous attempts by BleepingComputer to contact Fortra about the reported attacks and extortion attempts, the software vendor did not respond.
As the investigation continued, Fortra discovered that the same flaw had been leveraged against on-premise customers running a specific configuration of GoAnywhere MFT, moving the first signs of exploitation back to January 18th, 2023.
Fortra says that it has helped and guided all customers directly impacted by these attacks on how to secure their instances and configure their GoAnywhere MFT securely.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-06 | CVE-2023-0669 | Deserialization of Untrusted Data vulnerability in Fortra GoAnywhere Managed File Transfer. Fortra (formerly HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. | 7.2 |