The Cl0p ransomware group, which recently made news with its Linux variant, now claims that it stole data from hundreds of organizations by exploiting a zero-day RCE vulnerability in the GoAnywhere MFT secure file transfer tool.
About the attack campaign
The Cl0p group told BleepingComputer that it stole data from over 130 organizations over the course of 10 days after exploiting the bug CVE-2023-0669.
- The group was able to gain remote code execution on unpatched GoAnywhere MFT instances via administrative consoles exposed to the internet.
- As per the claim, the group could move laterally through its victims’ networks and deploy ransomware payloads to encrypt their systems.
- However, the group says it only stole the documents stored on compromised GoAnywhere MFT servers.