Advertisement Banner
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Cyber News

Clop ransomware claims the hack of 130 orgs using GoAnywhere MFT flawSecurity Affairs

admin by admin
February 11, 2023
in Cyber News


The Clop ransomware group claims to have breached over 130 organizations exploiting the GoAnywhere MFT zero-day.

The Clop ransomware group claims to have stolen sensitive data from over 130 organizations by exploiting a zero-day vulnerability (CVE-2023-0669) in Fortra’s GoAnywhere MFT secure file transfer tool, BleepingComputer reported.

Fortra immediately addressed the flaw with the release of emergency security patch and urged customers to install it.

The popular investigator Brian Krebs first revealed details about the zero-day on Mastodon and pointed out that Fortra has yet to share a public advisory.

“GoAnywhere MFT, a popular file transfer application, is warning about a zero-day remote code injection exploit. The company said it has temporarily implemented a service outage in response.” Krebs wrote on Mastodon. “I had to create an account on the service to find this security advisory”

According to the private advisory published by Fortra, the zero-day is a remote code injection issue that impacts GoAnywhere MFT. The vulnerability can only be exploited by attackers with access to the administrative console of the application.

Installs with administrative consoles and management interfaces that are not exposed on the internet are safe, however, security researcher Kevin Beaumont discovered about 1000 Internet-facing consoles.

Fortra recommends GoAnywhere MFT customers to review all administrative users and monitor for unrecognized usernames, especially those created by system.

Clop told BleepingComputer that they were able to compromise over 130 organizations in just ten days, but did not share details regarding their claims.

BleepingComputer could not independently confirm Clop’s claims, and Fortra has not replied to emails asking for more info regarding CVE-2023-0669 exploitation and the ransomware group’s allegations.

— BleepingComputer (@BleepinComputer) February 10, 2023

The crooks also claims to have fully compromised the network organizations, but did not deploy any ransomware.

Multiple experts already released exploits for the CVE-2023-0669 vulnerability, on February 6, 2023, the researcher Florian Hauser of IT security consulting firm Code White released a proof-of-concept (PoC) exploit code.

Ron Bowes, lead security researcher at Rapid7 announced they have merged their exploit for Fortra’s GoAnywhere MFT into Metasploit

Just merged our exploit for Fortra’s GoAnywhere MFT into Metasploit, with a huge assist from @zeroSteiner! Works great against Linux and Windows targets.

There’s a patched version out now, make sure you’ve updated!https://t.co/vY3gLTisXh

— Ron Bowes (@iagox86) February 8, 2023

Researchers at threat intelligence firm Huntress shared findings of their investigation into GoAnywhere MFT exploitation and linked the attacks to the TA505 threat actors.

“While links are not authoritative, analysis of Truebot activity and deployment mechanisms indicate links to a group referred to as TA505. Distributors of a ransomware family referred to as Clop, reporting from various entities links Silence/Truebot activity to TA505 operations.” reads the analysis published by Huntress. “Based on observed actions and previous reporting, we can conclude with moderate confidence that the activity Huntress observed was intended to deploy ransomware, with potentially additional opportunistic exploitation of GoAnywhere MFT taking place for the same purpose.”

This week CISA also added the GoAnywhere MFT flaw to its  Known Exploited Vulnerabilities Catalog, ordering federal agencies to address it by March 3, 2023.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Clop ransomware)



Share On






Source link

Previous Post

Tripura poised to become ‘Gateway’ of South Asia: PM Modi –

Next Post

What the China Spy Balloon Saga Means for India – The Diplomat

Next Post

What the China Spy Balloon Saga Means for India – The Diplomat

Recommended

South Korea’s President Yoon Criticized for Banning Broadcaster From Plane – The Diplomat

4 months ago

EAM Jaishankar reaches Maldives, reaffirms India-Maldives development ties are strong –

2 months ago

© 2022 Law Enforcement News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Cyber News
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact

© 2022 Law Enforcement News Hubb All rights reserved.