The recently disclosed zero-day exploits hitting Fortra’s GoAnywhere managed file transfer (MFT) software have been getting a lot of attention lately. Tracked as CVE-2023-0669, the vulnerability was publicly disclosed in early February, and a patch was released a week later. It is believed that the Russian-speaking threat actor ‘Silence’ is behind the exploit, and this group is linked to the distribution of the Cl0p ransomware.
Over the past week, the ransomware group has been listing organizations allegedly impacted by the incident, including the City of Toronto, Saks Fifth Avenue, Pluralsight, Procter & Gamble, Rio Tinto, and the U.K.’s Pension Protection Fund (PPF). Hitachi Energy, Hatch Bank, Rubrik, and Community Health Systems have also reported being affected by the exploit.
The City of Toronto has confirmed that some data was compromised in an incident at a third-party vendor, but did not name the vendor. Saks Fifth Avenue has stated that some data was stolen but no real customer data was impacted. Pluralsight discontinued the use of GoAnywhere after Forta informed them of the incident, and they also notified customers of the risks associated with the attack. PPF stated that employee data was compromised, and Virgin confirmed that the Cl0p gang contacted them directly to claim possession of stolen data. Atos has also reported data associated with a specific Nimbix file transfer application was exposed. Finally, Rio Tinto told employees that internal data such as payroll information was stolen, and the group responsible for the hack was threatening to release the data publicly.
In conclusion, it is clear that the exploit is having far-reaching consequences for many organizations. Companies should take steps to ensure their data is properly protected and secured to reduce the risk of falling victim to similar incidents. Additionally, organizations should be aware that ransomware groups are becoming more sophisticated and are targeting specific companies.
Key Points:
- The exploit has been linked to a Russian-speaking threat actor called ‘Silence’.
- Organizations such as the City of Toronto, Saks Fifth Avenue, Pluralsight, Procter & Gamble, Rio Tinto, and the U.K.’s Pension Protection Fund have been impacted.
- Hitachi Energy, Hatch Bank, Rubrik, and Community Health Systems have also reported being affected.
- Atos has reported data associated with a specific Nimbix file transfer application was exposed.
- Rio Tinto told employees that internal data such as payroll information was stolen.
- Companies should take steps to ensure their data is properly protected and secured.
- Organizations should be aware that ransomware groups are becoming more sophisticated and are targeting specific companies.