BlackCat Now Exploiting GoAnywhere Security Flaw

BlackCat is now exploiting the GoAnywhere security flaw, making it the second ransomware group, after Clop, reported to be exploiting it.

The Clop ransomware group is no longer the only threat actor to have successfully leveraged the GoAnywhere MFT vulnerability to target an organization.

As discovered by cybersecurity researchers at At-Bay, the popular ransomware threat actor BlackCat (AKA ALPHV) also used the flaw to target an unnamed U.S. business in February 2023.

“This latest exploitation of the GoAnywhere MFT vulnerability against a U.S. business by the highly-active BlackCat group raises the stakes on remediation,” Ido Lev of At-Bay writes. “The vulnerability is a good example of how cybercriminals don’t just go after the most prevalent or publicly-known CVE disclosures. The most important indicator of risk isn’t just the score that’s given to the vulnerability, but how easily it can be exploited by cybercriminals in-the-wild, at scale, to achieve a desired outcome.”

What Is GoAnywhere MFT?

GoAnywhere MFT is a secure file transfer service built by Fortra and used by many of the biggest organizations in the world.

It was discovered in February that a Russian threat actor known as Clop had used a vulnerability in the product, now tracked as CVE-2023-0669, to infiltrate over a hundred organizations and access their sensitive data.

What Fortra Has To Say about the Vulnerabilities and Attacks

“A zero-day remote code injection exploit was identified in GoAnywhere MFT,” Fortra at the time said. “The attack vector of this exploit requires access to the administrative console of the application, which in most cases is accessible only from within a private company network, through VPN, or by allow-listed IP addresses (when running in cloud environments, such as Azure or AWS).”

Companies Affected By the Attack

The companies reportedly compromised include Hatch Energy, Hitachi Bank, Saks Fifth Avenue, Procter & Gamble, and many others.

What Affected Users Need To Do To Protect Against the Attacks

To protect against these attacks, researchers say users of GoAnywhere MFT should apply the latest patch and bring their software up to at least version 7.1.2.


