Clop Ransomware Group Claims Responsibility for GoAnywhere MFT Attacks

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

The Clop ransomware group claims responsibility for recent cyber attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool. The vulnerability, now known as CVE-2023-0669, allows attackers to gain remote code execution on unpatched GoAnywhere MFT instances with their administrative console exposed to the Internet. The group claims to have stolen data from over 130 organizations but refused to provide proof or details about the attacks and extortion.