BleepingComputer reports that Fortra has completed its probe into the Clop ransomware operation's widespread compromise of its GoAnywhere Managed File Transfer system through the exploitation of a zero-day tracked as CVE-2023-0669.
Fortra first identified suspicious GoAnywhere activity on Jan. 30, but further investigation revealed that threat actors were able to breach systems as early as Jan. 18, with the vulnerability exploited to create user accounts in certain customer environments from Jan. 28 to 30.
Such accounts have been leveraged to enable file downloads, as well as the installation of the "Netcat" and "Errors.jsp" tools used for backdoor creation and dynamic web page-building activities, respectively, according to Fortra.
"When we identified the tools used in the attack, we communicated directly with each customer if either of these tools were discovered in their environment," said Fortra.
More than 130 organizations were claimed to have been compromised by Clop during the attack, all of which have been given assistance by Fortra, which also issued mitigations and recommendations for vulnerable GoAnywhere instances.
Investigation on Fortra GoAnywhere attacks completed