The Cl0p ransomware group, which recently made news with its Linux variant, now claims that it stole data from hundreds of organizations by exploiting a zero-day RCE vulnerability in the GoAnywhere MFT secure file transfer tool.
About the attack campaign
- The group was able to gain remote code execution on unpatched GoAnywhere MFT instances whose administrative console was exposed to the internet.
- According to the claim, the attackers could move laterally through their victims’ networks and deploy ransomware payloads to encrypt their systems.
- However, it only stole the documents stored on compromised GoAnywhere MFT servers.