Ransomware, Vulnerability Management

Over 130 orgs compromised via GoAnywhere zero-day

More than 130 organizations are claimed to have been compromised by the Clop ransomware gang through a zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer tool, tracked as CVE-2023-0669, BleepingComputer reports. Several vulnerable servers were allegedly breached by Clop during a 10-day period, allowing the theft of data, said the ransomware operation, which declined to give more details regarding the attacks. Despite the lack of any confirmation from Fortra, Huntress Threat Intelligence Manager Joe Slowik has linked the attacks to TA505, which has leveraged Clop ransomware in previous attacks. "Based on observed actions and previous reporting, we can conclude with moderate confidence that the activity Huntress observed was intended to deploy ransomware, with potentially additional opportunistic exploitation of GoAnywhere MFT taking place for the same purpose," said Slowik. Ongoing exploitation of the vulnerability prompted its addition to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities Catalog on Friday, with federal agencies urged to remediate vulnerable systems by March 3.
