“Notably, GoAnywhere was targeted by the Cl0p ransomware group last year, leveraging a zero-day vulnerability (CVE-2023-0669), to compromise data from several organisations. The group, claiming to have stolen data from “over 130 organisations” demonstrated a particular focus on file transfer solutions like GoAnywhere along with several others including Accellion File Transfer Appliance and Progress Software’s MOVEit Transfer solution. There’s a potential that CIop and other ransomware groups may exploit this new vulnerability in upcoming attacks, especially since a public proof-of-concept exploit is available.
“Historically, once a public proof-of-concept has been released, we see an uptick in exploit scanning activity, searching for vulnerable instances, which often escalates into mass exploitation.
“Organisations that use GoAnywhere MFT are strongly encouraged to apply the available patch as soon as possible. In cases where immediate patching isn’t feasible, there are mitigation instructions that can be applied to thwart exploitation attempts.” – Satnam Narang, Senior Staff Research Engineer, Tenable.