The Clop ransomware group claims that it has stolen sensitive data from over 130 organizations by exploiting a vulnerability in Fortra’s GoAnywhere MFT secure file transfer tool, tracked as CVE-2023-0669.
Fortra’s advisory says the zero-day is a remote code injection issue that impacts GoAnywhere MFT. The vulnerability can only be exploited by attackers with access to the administrative console of the application.
If the console is not exposed to the internet, the installation is considered safe. Fortra recommends that GoAnywhere MFT customers review all administrative users and monitor for unrecognized usernames, especially those created by the system.
Fortra addressed the flaw with the release of an emergency security patch and urged customers to install it.
Threat actors from Clop told BleepingComputer that they were able to compromise over 130 organizations in just ten days, but did not share details regarding their claims. They also claimed full compromise of victims’ networks, but didn’t deploy any ransomware.
Several security researchers have already released exploits for the CVE-2023-0669 vulnerability.
CISA also added the GoAnywhere MFT flaw to its Known Exploited Vulnerabilities Catalog, ordering federal agencies to address it by March 3, 2023.