Clop ransomware infiltrated Hitachi Energy via a zero-day flaw

March 29, 2023

Hitachi Energy recently announced a data breach incident caused by the Clop ransomware group that resulted in data loss. Based on reports, the group has exploited a GoAnywhere zero-day vulnerability to breach the company’s network.

The energy corporation explained that the Clop ransomware group stole its data using the recently disclosed vulnerability in the GoAnywhere Managed File Transfer (MFT) product. The company is the latest addition to the list of organisations hit by a large-scale campaign targeting GoAnywhere MFT installations worldwide.


The Hitachi Energy investigation blamed the attack on a third-party software provider.


According to the investigation, Hitachi Energy learned that its third-party software provider, FORTRA, was the victim of a campaign by the Clop ransomware group that could have led to unauthorised access to employee data in a few countries worldwide. FORTRA is the vendor of the vulnerable GoAnywhere MFT product.

The company took immediate action and started its own independent investigation upon discovering the incident. Its management also isolated the affected system and engaged forensic IT experts to analyse the nature and scope of the cyberattack.

Employees affected by the data breach have been informed and supported. Hitachi Energy has also reported the incident to the relevant law enforcement authorities and has been cooperating with stakeholders.

However, the company states that the data breach campaign has not affected its network operations or the defence mechanisms that secure its customer data.

Last month, independent researchers discussed the zero-day vulnerability on Mastodon and pointed out that Fortra had yet to address the public regarding the flaw. The private advisory published by Fortra described the zero-day as a remote code injection issue affecting GoAnywhere MFT.

According to that advisory, attackers can only exploit the vulnerability if they first obtain access to the application's administrative console.

Installations whose administrative console and management interface are not reachable from the internet are not exposed to this attack path. Unfortunately, security researchers have already found more than 1000 consoles exposed on the internet.
