CVE-2023-0669

Vulnerability Profile Updated 3 months ago
CVE-2023-0669 is a remote code execution (RCE) vulnerability in Fortra's GoAnywhere Managed File Transfer (MFT) tool, a secure file transfer solution. The flaw allows unauthorized users to execute arbitrary commands on the affected system.

The Clop ransomware group leveraged this zero-day vulnerability in February 2023 to steal sensitive data from over 130 organizations, including prominent entities such as Procter & Gamble, Hitachi Energy, the city of Toronto, Community Health Systems, and Hatch Bank. Clop's exploitation of this vulnerability was among the most visible manifestations of cybercriminal interest in such flaws. The group successfully compromised data from around 100 victim organizations by exploiting this RCE flaw in the Fortra MFT product. The targeted systems are known to contain sensitive information, which makes them an attractive target for such attacks. The group continued to exploit this known vulnerability in April 2023, demonstrating its ongoing threat. In late January 2023, Clop initiated another major campaign, targeting the GoAnywhere MFT software with the same zero-day vulnerability and affecting approximately 130 organizations over a period of 10 days.

This persistent exploitation of CVE-2023-0669 underscores the severity of the vulnerability and the importance of timely patching and system updates to mitigate such threats. It also highlights the need for robust cybersecurity measures to protect against similar future threats.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Mft
Vulnerability
Exploit
Goanywhere
Ransomware
exploited
Fortra
Remote Code ...
Zero Day
Moveit
RCE (Remote ...
Malware
exploitation
Extortion
Exploits
Terramaster
Papercut
Flashpoint
Associated Malware
ID | Type | Votes | Profile Description
Clop | Unspecified | 9 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o
Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Associated Threat Actors
ID | Type | Votes | Profile Description
Clop Ransomware Group | Unspecified | 4 | The Clop ransomware group, a threat actor in the cybersecurity realm, has been recognized for its malicious activities involving the exploitation of software vulnerabilities. These entities, which can range from individuals to government entities, are responsible for executing actions with harmful i
cl0p | Unspecified | 2 | Cl0p is a threat actor group that has emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for at
Alphv | Unspecified | 1 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-34362 | Unspecified | 1 | CVE-2023-34362 is a critical SQL injection vulnerability discovered in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. This flaw in software design or implementation was first exploited by the CL0P Ransomware Gang, also known as TA505, beginning on May 27, 2023. Th
Proxynotshell | Unspecified | 1 | ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t
Source Document References
Information about the CVE-2023-0669 vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
InfoSecurity-magazine | 17 days ago | Ransomware Groups Prioritize Defense Evasion for Data Exfiltration
Checkpoint | 2 months ago | Sharp Dragon Expands Towards Africa and The Caribbean - Check Point Research
Unit42 | 6 months ago | Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
DARKReading | 6 months ago | Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT
Securityaffairs | 6 months ago | Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204
InfoSecurity-magazine | 6 months ago | Exploit Code Released For Critical Fortra GoAnywhere Bug
Securityaffairs | 6 months ago | Watch out, a new critical flaw affects Fortra GoAnywhere MFT
CERT-EU | 6 months ago | Less than 1% vulnerabilities pose highest risk in 2023, finds Qualys
CERT-EU | 6 months ago | The Top 10 Ransomware Groups of 2023
CERT-EU | 7 months ago | Clop ransomware gang takes out dubious top spot as most prolific operator of 2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 7 months ago | MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Pulsedive | 7 months ago | Pulsedive Blog | 2023 in Review
InfoSecurity-magazine | 7 months ago | 2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List
CERT-EU | 10 months ago | Qualys Survey of Top 10 Exploited Vulnerabilities in 2023 | Qualys Security Blog
InfoSecurity-magazine | 10 months ago | MGM Criticized for Repeated Security Failures
Recorded Future | a year ago | Beyond the Code: Unearthing the Subtle Business Ramifications of Six Months in Vulnerabilities
CERT-EU | a year ago | Heimdal®’s Semiannual Rundown of the Most Exploited Vulnerabilities of 2023
CERT-EU | a year ago | The MOVEit spree is as bad as — or worse than — you think it is
CERT-EU | a year ago | Can 'Mad Libs for incident response' prevent the next MOVEit
DARKReading | a year ago | Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits