HQ/EMEAFind out how we can help your business
The recent report about Fortra GoAnywhere’s zero-day vulnerability attack from threat actors has affected another company that utilises its secure file transfer after a cybersecurity firm ‘Rubrik’ revealed a data breach incident on their infrastructure.
The cybersecurity company released a statement about the news, saying that the zero-day flaw attack on GoAnywhere MFT devices allowed malicious actors to access one of their non-production IT testing environments.
Rubrik ensured customers that their sensitive data were not impacted.
Since the hack on the cybersecurity firm only affected a limited part of their non-production IT testing environment, customers’ data were safe from hackers. Furthermore, the company’s investigations revealed that the unauthorised entities did not steal critical data they secured for their clients from any Rubrik products.
It is also worth noting that the breach did not result in the malicious actors spreading laterally across the company’s internal systems. Thus, the incident was immediately contained, and the affected testing environment was also taken offline.
On the other hand, before the cybersecurity company disclosed the incident to its customers, the notorious Cl0p ransomware group added them to its list of victims in a data leak site. The Cl0p group posted some samples of the alleged stolen files from Rubrik, which will be leaked soon should the company refuse to comply with their demands.
Based on the shared screenshots, the Cl0p operators allegedly stole Rubrik’s internal company data, such as employee names, email addresses, and locations.
Cl0p had also taken responsibility for all the attacks stemming from the Forta GoAnywhere zero-day flaw abuse to support their claims of hacking the cybersecurity firm. Moreover, the threat group claimed to have breached over 130 companies in a span of ten days.
The most recent attacks documented against companies affected by the Forta GoAnywhere zero-day flaw abuse were Hatch Bank and Community Health Systems (CHS).
As the patch for the Forta GoAnywhere zero-day flaw is still in the works, companies worldwide that utilise the service must employ strong cybersecurity measures to protect themselves against attacks.
