The Clop ransomware gang claims to have compromised more than 130 organizations by exploiting a zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer tool, tracked as CVE-2023-0669, BleepingComputer reports.
The ransomware operation said it breached several vulnerable servers over a 10-day period, allowing it to steal data, but declined to give more details regarding the attacks. Despite the lack of any confirmation from Fortra, Huntress Threat Intelligence Manager Joe Slowik has associated the attacks with TA505, which has leveraged Clop ransomware in previous attacks.
"Based on observed actions and previous reporting, we can conclude with moderate confidence that the activity Huntress observed was intended to deploy ransomware, with potentially additional opportunistic exploitation of GoAnywhere MFT taking place for the same purpose," said Slowik.
Ongoing exploitation of the vulnerability prompted its addition to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities Catalog on Friday, with federal agencies urged to remediate vulnerable systems by March 3.