Threat Actors Behind GoAnywhere Attacks Target Japan-based Hitachi Energy Firm

Hitachi Energy has confirmed a data breach as part of the GoAnywhere attacks. The Cl0p ransomware gang behind the attacks exploited a 0-day vulnerability in Fortra GoAnywhere MFT (Managed File Transfer) to gain access. Japan-based Hitachi Energy provides energy solutions and power systems.

GoAnywhere Had a 0-Day Vulnerability

Recently, it was discovered that a third-party software provider named FORTRA GoAnywhere MFT was vulnerable to a zero-day vulnerability and was being used in attacks by the Cl0p ransomware group targeting institutions/organizations in various countries. These attacks result in unauthorized access to the targeted institutions’ inventories and data.

Figure: A post from a dark web forum about GoAnywhere
Figure: A post from a dark web forum about GoAnywhere

Cl0p Ransomware Gangs Announced They Exploit Over 130 Organizations

The 0-day vulnerability in the GoAnywhere file-sharing software is tracked with the code CVE-2023-0669 and was first discovered on February 3, 2023. On February 6, 2023, an exploit code was released for this vulnerability, and by February 10, 2023, Cl0p operators had announced that they had used the exploit to attack 130 organizations. The following specific industries and sectors were targeted in these attacks:

  • Community Health Systems (CHS)
  • Fintech platform Hatch Bank
  • Cybersecurity firm Rubrik
  • Hitachi Energy, which provides services in the energy sector.

For more information about Cl0p and other ransomware groups, read our blog post.

Solution Proposal

  • Regularly conducting attack surface analyses to protect inventories of institutions and organizations,
  • Using up-to-date versions of all systems, programs, applications, and other inventories where vulnerabilities have been addressed.

Share This:
  • Categories
  • Latest News
  • Follow Us on Social Media!