Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Ransomware

Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit

Cybersecurity firm Rubrik has confirmed being hit by the GoAnywhere zero-day exploit after the Cl0p ransomware group named the company on its leak website.

Cloud data management and data security firm Rubrik has confirmed being targeted in an attack exploiting a recent GoAnywhere zero-day vulnerability after a ransomware group named the company on its leak website.

Fortra, previously known as HelpSystems, alerted users of its GoAnywhere managed file transfer (MFT) software on February 1 about a zero-day remote code injection exploit. The company released a patch for the vulnerability, tracked as CVE-2023-0669, roughly one week later.

The attacks were quickly linked to a financially motivated threat group known for conducting attacks involving the Cl0p (Clop) ransomware. The hackers exploited the vulnerability to gain access to the information of GoAnywhere customers, which they plan on using to extort victims. 

Soon after the attacks came to light, the ransomware gang’s representatives told Bleeping Computer that more than 130 organizations were hit through the GoAnywhere zero-day exploit.

However, only a handful of victims have come forward to date. The list includes California-based digital bank Hatch Bank and healthcare provider Community Health Systems. 

California-based Rubrik has now also confirmed getting hacked after being named by the Cl0p ransomware group on its Tor-based leak website. 

Michael Mestrovich, Rubrik’s CISO, said in a statement on Tuesday that the company detected unauthorized access to a “limited amount of information” in one of its non-production IT testing environments. 

Rubrik’s investigation, conducted with assistance from outside experts, has not found evidence that data secured on behalf of customers has been compromised. There is also no evidence of lateral movement to other systems.

Advertisement. Scroll to continue reading.

“Rubrik has been conducting a thorough, comprehensive review of the involved data in partnership with a third-party firm,” Mestrovich said. “The involved data mainly consists of Rubrik internal sales information, which includes certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors. The third-party firm has also confirmed that no sensitive personal data such as social security numbers, financial account numbers, or payment card numbers were exposed.”

In the case of Hatch Bank, the information of roughly 140,000 customers was compromised and the bank is facing class action lawsuits over the incident. 

Community Health Systems, which is one of the largest healthcare providers in the US, estimated that as many as one million patients may have been impacted.  

In addition to Rubrik, the Cl0p group has added Hatch Bank to its leak website. It’s unclear if any other organizations currently listed on their site have been breached through the GoAnywhere attack.

For Hatch Bank and Rubrik, the cybercriminals published several screenshots showing the type of data they have obtained. They have suggested that more data will be leaked unless their demands are met. 

Rubrik ransomware attack

Related: Microsoft SmartScreen Zero-Day Exploited to Deliver Magniber Ransomware

Related: Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor

Related: CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.