Security News > 2023 > April > Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data.
"The unauthorized party used CVE-2023-0669 to create unauthorized user accounts in some MFTaaS customer environments," the company said.
While Netcat is a legitimate program for managing reading and writing data over a network, it's currently not known how the JSP file was used in the attacks.
The investigation also found that CVE-2023-0669 was exploited against a small number of on-premise implementations running a specific configuration of the GoAnywhere MFT solution.
The development comes as Malwarebytes and NCC Group reported a spike in ransomware attacks during the month of March, largely driven by active exploitation of the GoAnywhere MFT vulnerability.
"The ransomware-as-a-service provider, Cl0p, successfully exploited the GoAnywhere vulnerability and was the most active threat actor observed, with 129 victims in total," NCC Group said.
- Windows zero-day vulnerability exploited in ransomware attacks (source)
- ALPHV ransomware exploits Veritas Backup Exec bugs for initial access (source)
- Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks (source)
- Medusa ransomware claims attack on Open University of Cyprus (source)
- MSI confirms security breach following ransomware attack claims (source)
- Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise (source)
- Taiwanese PC Company MSI Falls Victim to Ransomware Attack (source)
- KFC, Pizza Hut owner discloses data breach after ransomware attack (source)
- Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (source)
- Vice Society ransomware uses new PowerShell data theft tool in attacks (source)
|2023-02-06||CVE-2023-0669|| Deserialization of Untrusted Data vulnerability in Fortra Goanywhere Managed File Transfer |
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
| 7.2 |