Hitachi Energy Latest Victim of Clop GoAnywhere AttacksAttackers Exploit Zero-Day Vulnerability in Fortra's Managed File Transfer Software
Hitachi Energy joined the ranks of victims hit by the Clop ransomware group, which has exploited a zero-day vulnerability in Fortra's widely used managed file transfer software, GoAnywhere MFT. Clop claimed responsibility for the hack, which compromised networks used by 130 different organizations.
Hitachi Energy, a subsidiary of the Japanese tech giant, confirmed Friday that the Clop ransomware group had exploited the flaw in Fortra's GoAnywhere file transfer software that could have resulted in unauthorized access to employee data in some countries.
"Upon learning of this event, we took immediate action and initiated our own investigation, disconnected the third-party system and engaged forensic IT experts to help us analyze the nature and scope of the attack," the company said in a data breach notification letter.
The company says it is informing affected employees and has notified applicable data privacy, security and law enforcement authorities.
"According to our latest information, our network operations or the security of customer data have not been compromised. We will continue to update relevant parties as the investigation progresses," the statement said.
Cybersecurity analyst and security researcher Dominic Alvieri first reported about the breach at the company. Hitachi Energy owns power grids and wind farms in Italy and Finland, among other locations, and offers its solutions in more than 140 countries.
A spokesperson for Hitachi Energy was not immediately available to provide additional details.
The incident came on the heels of a breach at cybersecurity software giant Rubrik, which also fell victim to attackers exploiting the same vulnerability. Rubrik, based in Palo Alto, California, is one of the industry's largest data resilience platforms. The company helps customers restore data after systems crash or get wiped by attackers (see: Rubrik Breached Via Zero-Day Attack Exploiting GoAnywhere).
Hackers used a flaw in the GoAnywhere file transfer software to access a nonproduction IT test environment at Rubrik, the company said in a data breach notification on March 14.
The vulnerability exploited by attackers is designated as CVE-2023-0669, and it exists in Windows and Linux versions of the managed file transfer software prior to 7.1.2.
Fortra, formerly known as HelpSystems, has more than 3,000 organizations as customers.
The vulnerability in GoAnywhere MFT is a pre-authentication remote code execution flaw in which attackers can exploit the flaw and remotely execute code of their choosing without having to first authenticate in the GoAnywhere MFT administrative console.
For the attack to succeed, the administrative console must be internet-exposed. The first known attacks to exploit the flaw began Jan. 25. On Feb. 1, Fortra issued a security alert and mitigation instructions. On Feb. 7, it released version 7.1.2 of GoAnywhere MFT, which patches the flaw.
The U.S. Cybersecurity and Infrastructure Security Agency and other federal agencies have urged all GoAnywhere MFT users to immediately upgrade their software or use workarounds to mitigate the vulnerability (see: Authorities Warn Healthcare Sector of Ongoing Clop Threats).