Hitachi Energy attributes the data breach to the utilization of a Zero-Day in GoAnywhere MFT Software.
Hitachi Energy, a sustainable energy giant, has blamed a data breach affecting its employees on the exploitation of a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software. The Cl0p ransomware gang targeted the product and may have gained unauthorized access to employee data in some countries, according to a press release published by the company.
Upon learning of the attack, Hitachi Energy took immediate action and initiated their own investigation. They disconnected the third-party system, engaged forensic IT experts to analyze the nature and scope of the attack, and informed employees who may be affected, providing them with support. The company also notified applicable data privacy, security and law enforcement authorities, and is continuing to cooperate with the relevant stakeholders.
The vulnerability exploited in the attack is CVE-2023-0669, a remote code execution flaw whose existence was disclosed by Fortra on February 1, after attacks exploiting it were detected. A patch was released a week later. Exploitation of the vulnerability has been linked to the Cl0p ransomware group.
Hitachi Energy has found no evidence that its network operations and customer data have been compromised. However, the Cl0p gang has started leaking files allegedly stolen from Hatch Bank and Rubrik, which indicates that these two companies have refused to pay the ransom demanded by the hackers. Community Health Systems may have been impacted as well, with as many as one million patients potentially affected.
Key Points:
- Hitachi Energy has blamed a data breach affecting its employees on the exploitation of a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software.
- The company took immediate action and initiated their own investigation, disconnected the third-party system, and engaged forensic IT experts to help them analyze the attack.
- The vulnerability exploited in the attack is CVE-2023-0669, a remote code execution flaw whose existence was disclosed by Fortra on February 1.
- Hitachi Energy has found no evidence that its network operations and customer data have been compromised.
- The Cl0p gang has started leaking files allegedly stolen from Hatch Bank and Rubrik, which indicates that these two companies have refused to pay the ransom.
- Community Health Systems may have been impacted as well, with as many as one million patients potentially affected.