CVE-2023-0669

Vulnerability Profile Updated a month ago
CVE-2023-0669 is a software vulnerability that originated in Fortra's GoAnywhere Managed File Transfer (MFT) tool, which is a secure file transfer solution. This flaw, a remote code execution (RCE) vulnerability, allows unauthorized users to execute arbitrary commands on the affected system. The Clop ransomware group leveraged this zero-day vulnerability in February 2023 to steal sensitive data from over 130 organizations, including prominent entities such as Procter & Gamble, Hitachi Energy, the city of Toronto, Community Health Systems, and Hatch Bank.

The Clop ransomware group's exploitation of this vulnerability was among the most visible manifestations of cybercriminal interest in such flaws. The group successfully compromised data from around 100 victim organizations by exploiting this RCE flaw in the Fortra MFT product. The systems targeted are known to contain sensitive information, making them an attractive target for such attacks. The group continued to exploit this known vulnerability in April 2023, demonstrating its ongoing threat. In late January 2023, Clop initiated another major campaign, targeting the GoAnywhere MFT software with the same zero-day vulnerability, affecting approximately 130 organizations over a period of 10 days.

This persistent exploitation of CVE-2023-0669 underscores the severity of the vulnerability and the importance of timely patching and system updates to mitigate such threats. It also highlights the need for robust cybersecurity measures to protect against similar future threats.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Mft
Vulnerability
Goanywhere
Exploit
Ransomware
exploited
Zero Day
Remote Code ...
Fortra
Moveit
Terramaster
Malware
exploitation
Flashpoint
Papercut
Extortion
RCE (Remote ...
Associated Malware
ID | Type | Votes | Profile Description
Clop | Unspecified | 9 | Clop is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. T
Lockbit | Unspecified | 1 | LockBit is a significant malware operation, first surfacing in September 2019 and becoming one of the most active ransomware groups by 2022. Operating under a Ransomware-as-a-Service (RaaS) model, LockBit recruited affiliates to execute attacks using its tools and infrastructure. From its first obse
Associated Threat Actors
ID | Type | Votes | Profile Description
Clop Ransomware Group | Unspecified | 4 | The Clop ransomware group, a malicious threat actor, has been identified as a significant cybersecurity concern due to their exploitation of zero-day vulnerabilities and execution of high-profile attacks. The group is particularly known for its mass exploitation of a major vulnerability in Progress
cl0p | Unspecified | 2 | Cl0p is a threat actor group that has emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for at
Alphv | Unspecified | 1 | AlphV, also known as BlackCat, is a significant threat actor in the cybersecurity landscape. In 2023, they were responsible for approximately 9.7% of total leak site posts, second only to other prominent ransomware groups. They notably stole 5TB of data from Morrison Community Hospital, and it's est
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-34362 | Unspecified | 1 | CVE-2023-34362 is a critical SQL injection vulnerability discovered in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. This flaw in software design or implementation was first exploited by the CL0P Ransomware Gang, also known as TA505, beginning on May 27, 2023. Th
Proxynotshell | Unspecified | 1 | ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t
Source Document References
Information about the CVE-2023-0669 vulnerability was read from the documents corpus below.
Source | Created At | Title
InfoSecurity-magazine | 5 months ago | Exploit Code Released For Critical Fortra GoAnywhere Bug
CERT-EU | a year ago | GoAnywhere MFT Zero-Day Exploitation Linked to Ransomware Attacks
CERT-EU | a year ago | [Cybersecurity Daily] February 7, 2023: Ransomware attacks target VMware ESXi at Italian organizations; Chinese hacker group spreads PlugX malware under the guise of the EU
Malwarebytes | a year ago | Rubrik is latest victim of the Clop ransomware zero-day campaign
Securityaffairs | 5 months ago | Watch out, a new critical flaw affects Fortra GoAnywhere MFT
CSO Online | a year ago | Clop ransomware gang exploits the MOVEit Transfer vulnerability to steal data
SANS ISC | a year ago | InfoSec Handlers Diary Blog - SANS Internet Storm Center
CERT-EU | a year ago | Community Health Systems reports GoAnywhere hacked | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
CERT-EU | a year ago | 2023 Ransomware Attacks: First-Quarter Highlights
CERT-EU | a year ago | Links 11/02/2023: Zstandard 1.5.4 Released and Red Hat Promotes Microsoft
Securityaffairs | a year ago | City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day
CERT-EU | a year ago | #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability – Cyber Safe NV
CERT-EU | a year ago | X-Force Prevents Zero Day from Going Anywhere
CERT-EU | a year ago | Ransomware prolific in first quarter of 2023 – report
Checkpoint | 23 days ago | Sharp Dragon Expands Towards Africa and The Caribbean - Check Point Research
CERT-EU | 6 months ago | MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | a year ago | Snail-paced patching of Fortra GoAnywhere MFT flaw observed
CERT-EU | a year ago | 3 Prominent Data Security Risks in the Finance Industry
CERT-EU | a year ago | Ransom paid by California county following sheriff's office cyberattack
CERT-EU | a year ago | Cybersecurity threatscape: Q1 2023