Supply chain
β Supply Chain
BleepingComputer / Fortra / CISA
Primary Source βIncident Details
Cl0p exploited zero-day RCE in Fortra GoAnywhere MFT admin portal. ~130 organizations breached over 10 days in January 2023. Cl0p named 100+ victims on leak site through March 2023. Major victims: Hitachi Energy, Procter & Gamble, Rubrik, Community Health Systems, Hatch Bank, City of Toronto, Saks Fifth Avenue, Crown Resorts. Unusually, Cl0p did not deploy ransomware locker; pure data theft and extortion. Fortra initially shared advisory only with customers privately; Bleepingcomputer first reported publicly Feb 2.
Technical Details
- Initial Attack Vector
- CWE-78: OS Command Injection (pre-auth RCE in GoAnywhere MFT admin interface)
- Vendor / Product
- Fortra GoAnywhere MFT
- Software Package
GoAnywhere MFT- CVE / GHSA References
- CVE-2023-0669
- Supply Chain Attack
- β Confirmed third-party / vendor compromise
Timeline
- 2023-01-18 Breach occurred
- 2023-02-01 Publicly disclosed
- 2023-03-10 Customers notified