CVE-2023-0669

Vulnerability updated 23 days ago (2024-11-29T14:50:11.290Z)
Download STIX
Preview STIX
CVE-2023-0669 is a serious software vulnerability that was identified in Fortra's GoAnywhere Managed File Transfer (MFT) secure file transfer tool. This flaw, which allowed for remote code execution, was exploited by the Clop ransomware group as a zero-day vulnerability. The group launched a major campaign exploiting this vulnerability in late January 2023, affecting approximately 130 organizations over the course of 10 days. Notably, sensitive data from these organizations, including Procter & Gamble, Hitachi Energy, the city of Toronto, Community Health Systems, and Hatch Bank, were compromised. The Clop ransomware group continued to exploit this vulnerability throughout February 2023, claiming to have stolen sensitive data from over 130 organizations. They managed to compromise data from around 100 victim organizations after exploiting the remote code execution flaw in the Fortra MFT product. The systems targeted by the group often contained sensitive information, making them an attractive target for cybercriminals. This vulnerability was one among many others that the Clop ransomware group has been exploiting in its attacks. Other vulnerabilities include the Log4Shell flaw in Apache's Log4j software, a maximum severity bug in Apache ActiveMQ server technology, and a widely exploited remote code execution flaw in Progress Software's MOVEit file transfer technology. However, the attack on the GoAnywhere MFT flaw from 2023 was one of the most visible manifestations of the group's activities.
Description last updated: 2024-08-14T09:38:17.076Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Mft
Vulnerability
Exploit
Goanywhere
Ransomware
exploited
Remote Code ...
Zero Day
Fortra
Moveit
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Clop Malware is associated with CVE-2023-0669. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitinUnspecified
9
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Clop Ransomware Group Threat Actor is associated with CVE-2023-0669. The Clop ransomware group, a malicious threat actor in the cybersecurity landscape, has been actively exploiting vulnerabilities in software to execute their attacks. The group is known for its harmful activities that involve the execution of actions with malicious intent. They could be individuals,Unspecified
4
The cl0p Threat Actor is associated with CVE-2023-0669. Cl0p is a threat actor group that has emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for atUnspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-34362 Vulnerability is associated with CVE-2023-0669. CVE-2023-34362 is a critical software vulnerability found in Progress Software's managed file transfer (MFT) solution, MOVEit Transfer. This flaw was an SQL injection vulnerability that allowed for escalated privileges and unauthorized access. The vulnerability became active on May 27, 2023, when itUnspecified
2
Source Document References
Information about the CVE-2023-0669 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CISA
a month ago
DARKReading
5 months ago
CISA
5 months ago
InfoSecurity-magazine
5 months ago
Checkpoint
7 months ago
Unit42
a year ago
DARKReading
a year ago
Securityaffairs
a year ago
InfoSecurity-magazine
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Pulsedive
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
Recorded Future
a year ago
CERT-EU
a year ago