CVSS3 score: 7.2 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
A semi-active ransomware group has claimed it is behind a string of attacks that took advantage of a zero-day vulnerability in GoAnywhere MFT.
The Russian-linked Clop ransomware group says it was able to remotely attack private systems using exposed GoAnywhere MFT administration consoles accessible on the public internet. BleepingComputer reports the group claimed they gained access and stole data from the GoAnywhere servers of at least 130 organizations.
One of Clop's victims was Community Health Systems (CHS), a Fortune 500 healthcare services provider in the US. It recently filed a Form 8-K to the Securities and Exchange Commission (SEC), announcing the compromise of its system and disclosure of company data, including protected health information (PHI) and personal information (PI) of certain patients. CHS didn't disclose the specific number of affected individuals.
Since the release of the emergency patch, Fortra has revealed that attackers also breached some of its MFTaaS instances during the attack.
The Cybersecurity & Infrastructure Security Agency (CISA) recently added CVE-2023-0669 to its Known Exploited Vulnerabilities Catalog, a list of software flaws that federal organizations must patch within two weeks. It's helpful for non-federal organizations to refer to as well, in order to help prioritize their patching.
Thankfully, an emergency patch (7.1.2) has been available since last week.
As well as the patch, GoAnywhere clients are also encouraged to: