One of the largest healthcare providers in the US has reported an attack on the GoAnywhere managed file transfer software that exploited a recently discovered zero-day vulnerability.
Tracked as CVE-2023-0669, the flaw was reported by Fortra, the firm that developed GoAnywhere, at the start of the month after a researcher discovered its exploitation in the wild. Fortra supplied a workaround, and a patch was made available a week later.
Organizations hit by attacks have started coming forward and disclosing the impact.
The vulnerability, tracked as CVE-2023-0669, was disclosed by GoAnywhere developer Fortra on February 1, after the company became aware of exploitation in the wild. Mitigations and indicators of compromise (IoCs) were released immediately, and a patch was made available a week later.
The Clop ransomware group claimed responsibility for the GoAnywhere attack and said it had stolen data from over 130 organizations. The hackers, however, have not shown any proof to support their assertions.
More than 130 enterprises were initially affected by the Clop ransomware group’s abuse of a zero-day vulnerability discovered in the Fortra GoAnywhere MFT.
More than a thousand GoAnywhere instances are still exposed on the internet. Fortra says, however, that exploitation requires access to the admin interface, which, “in most situations,” can only be reached from inside a private enterprise network, through a virtual private network (VPN), or from allowlisted IP addresses. This means that not all of the exposed instances will be impacted.
Community Health Systems (CHS) has reported a third-party data breach involving Fortra’s GoAnywhere managed file transfer (MFT) technology in a Securities and Exchange Commission (SEC) filing.
Tennessee-based Community Health Systems runs no fewer than 79 hospitals in 16 different states. CHS works with Fortra, a cybersecurity company that provides GoAnywhere, a secure file transfer program that was recently affected by a vulnerability.
According to the disclosure notice CHS filed with the SEC, Fortra let CHS know about a “security problem that led to the unlawful disclosure of corporate data.”
Organizations have until March 3 to address CVE-2023-0669, which CISA has added to its list of known exploited vulnerabilities.