CVE-2023-0669

Vulnerability updated 3 months ago (2024-08-14T10:18:17.343Z)

Download STIX

Preview STIX

CVE-2023-0669 is a serious software vulnerability that was identified in Fortra's GoAnywhere Managed File Transfer (MFT) secure file transfer tool. This flaw, which allowed for remote code execution, was exploited by the Clop ransomware group as a zero-day vulnerability. The group launched a major campaign exploiting this vulnerability in late January 2023, affecting approximately 130 organizations over the course of 10 days. Notably, sensitive data from these organizations, including Procter & Gamble, Hitachi Energy, the city of Toronto, Community Health Systems, and Hatch Bank, were compromised. The Clop ransomware group continued to exploit this vulnerability throughout February 2023, claiming to have stolen sensitive data from over 130 organizations. They managed to compromise data from around 100 victim organizations after exploiting the remote code execution flaw in the Fortra MFT product. The systems targeted by the group often contained sensitive information, making them an attractive target for cybercriminals. This vulnerability was one among many others that the Clop ransomware group has been exploiting in its attacks. Other vulnerabilities include the Log4Shell flaw in Apache's Log4j software, a maximum severity bug in Apache ActiveMQ server technology, and a widely exploited remote code execution flaw in Progress Software's MOVEit file transfer technology. However, the attack on the GoAnywhere MFT flaw from 2023 was one of the most visible manifestations of the group's activities.

Description last updated: 2024-08-14T09:38:17.076Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Mft

Vulnerability

Exploit

Goanywhere

Ransomware

exploited

Remote Code ...

Zero Day

Fortra

Moveit

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Clop Malware is associated with CVE-2023-0669. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin	Unspecified	9

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Clop Ransomware Group Threat Actor is associated with CVE-2023-0669. The Clop ransomware group, a malicious threat actor in the cybersecurity landscape, has been actively exploiting vulnerabilities in software to execute their attacks. The group is known for its harmful activities that involve the execution of actions with malicious intent. They could be individuals,	Unspecified	4
The cl0p Threat Actor is associated with CVE-2023-0669. Cl0p is a threat actor group that has emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for at	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2023-34362 Vulnerability is associated with CVE-2023-0669. CVE-2023-34362 is a critical software vulnerability found in Progress Software's managed file transfer (MFT) solution, MOVEit Transfer. This flaw was an SQL injection vulnerability that allowed for escalated privileges and unauthorized access. The vulnerability became active on May 27, 2023, when it	Unspecified	2

Source Document References

Information about the CVE-2023-0669 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CISA	6 days ago	2023 Top Routinely Exploited Vulnerabilities \| CISA
DARKReading	4 months ago	Feds Warn of North Korean Cyberattacks on US Critical Infrastructure
CISA	4 months ago	North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs \| CISA
InfoSecurity-magazine	4 months ago	Ransomware Groups Prioritize Defense Evasion for Data Exfiltration
Checkpoint	6 months ago	Sharp Dragon Expands Towards Africa and The Caribbean - Check Point Research
Unit42	10 months ago	Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
DARKReading	10 months ago	Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT
Securityaffairs	10 months ago	Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204
InfoSecurity-magazine	10 months ago	Exploit Code Released For Critical Fortra GoAnywhere Bug
Securityaffairs	10 months ago	Watch out, a new critical flaw affects Fortra GoAnywhere MFT
CERT-EU	10 months ago	Less than 1% vulnerabilities pose highest risk in 2023, finds Qualys
CERT-EU	10 months ago	The Top 10 Ransomware Groups of 2023
CERT-EU	10 months ago	Clop ransomware gang takes out dubious top spot as most prolific operator of 2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
Pulsedive	a year ago	Pulsedive Blog \| 2023 in Review
InfoSecurity-magazine	a year ago	2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List
CERT-EU	a year ago	Qualys Survey of Top 10 Exploited Vulnerabilities in 2023 \| Qualys Security Blog
InfoSecurity-magazine	a year ago	MGM Criticized for Repeated Security Failures
Recorded Future	a year ago	Beyond the Code: Unearthing the Subtle Business Ramifications of Six Months in Vulnerabilities
CERT-EU	a year ago	Heimdal®’s Semiannual Rundown of the Most Exploited Vulnerabilities of 2023