P&G disclosed a data breach incident caused by a zero-day

March 28, 2023

Procter & Gamble (P&G) revealed that a data breach incident from an identified group of threat actors had impacted its employees. According to the consumer goods company, the intrusion succeeded because of the GoAnywhere zero-day vulnerability.

Fortunately, the threat actors did not acquire P&G’s employees’ financial and social security platforms. However, the attackers managed to exfiltrate limited data.

P&G joins the list of entities recently breached through the GoAnywhere vulnerability.

Based on reports, P&G is the latest company to suffer a security incident due to Fortra’s GoAnywhere flaw. The investigation revealed that an unauthorised user harvested some credentials of its employees.

However, the company claimed it has no evidence that the breach could affect customer data. After uncovering the cybersecurity incident, the company stopped using Fortra’s GoAnywhere file-sharing services.

On the other hand, the Clop ransomware group disclosed that it exploited the GoAnywhere vulnerability (CVE-2023-0669) as a zero-day to infiltrate and exfiltrate data from the secure storage servers of over 100 organisations worldwide.

Additionally, the group claimed they had stolen troves of data in just ten days after exploiting the bug to breach internet-exposed servers.

Some experts believe that the Clop operators could have accessed further data within their targets, but the group claimed that they only stole the credentials within their victims’ flawed file-sharing platforms.

Clop started extorting the victims of its GoAnywhere attacks earlier this month after adding seven more companies to its data leak website.

About six entities confirmed that they had been victims of an attack due to the GoAnywhere vulnerability. CHS, Rubrik, Hitachi Energy, Saks Fifth Avenue, Hatch Bank, and the City of Toronto, Canada, confirmed that they had been the subject of a Clop ransomware attack.

The ransomware operators introduced themselves as the ‘Clop hacker group’ in the ransom notes sent to their victims. The notes warned that the stolen sensitive information was ready to be exposed by the attackers online and on leak sites if the victims did not want to negotiate.
