Major Canadian financing firm Investissement Qubec became the latest company to confirm having its data compromised in a Clop ransomware attack involving the exploitation of a zero-day security vulnerability in the Fortra GoAnywhere Managed File Transfer system, tracked as CVE-2023-0669, TechCrunch reports.
Some of Investissement Qubec's employees had their personal data stolen in the attack, which a company spokesperson noted to happen at Fortra, echoing Hitachi Energy's confirmation of being impacted by the attack earlier this week.
More than 130 organizations were claimed by Clop ransomware to be affected by the incident, including private equity firm Onex, which had samples of stolen data, including W-9 tax forms, employee data, and payment orders, exposed by the ransomware operation.
Meanwhile, payment software startup AvidXchange was also noted by Clop to have its data leaked soon despite the company's denial that it was impacted by the incident.
Other organizations listed by Clop, including Swiss pharmaceutical firm Galderma, pediatric mental health startup Brightline, and healthcare call center provider ITx Companies declined to comment on whether their GoAnywhere systems have been impacted.
On the other hand, the City of Toronto, which uses GoAnywhere systems but has not been named by Clop, confirmed that its data was secure from the intrusion.
BleepingComputer reports that Knight ransomware was observed by KELA threat analysts to have the third iteration of its source code posted for sale by the operation's representative, Cyclops, on RAMP forums.