GoAnywhere MFT Vulnerability Exploited by BlackCat Group

BlackCat Group Joins Clop in Exploiting GoAnywhere MFT Security Flaw

GoAnywhere MFT Vulnerability Exploited by BlackCat Group

As cybersecurity threats continue to rise, it is crucial for businesses to ensure their systems and software are up to date with the latest patches and security protocols. However, even with the best precautions, there are still potential vulnerabilities that cybercriminals can exploit. One such vulnerability is the GoAnywhere MFT security flaw, which has recently been targeted by not just one, but two ransomware groups: Clop and BlackCat. In this article, we will discuss the latest exploit of the GoAnywhere MFT vulnerability by the BlackCat ransomware group and what businesses can do to protect themselves.

The GoAnywhere MFT is a popular and secure file transfer service used by some of the world’s biggest organizations. However, in February 2023, it was discovered that a Russian threat actor known as Clop had exploited a vulnerability in the product, now tracked as CVE-2023-0669, to infiltrate more than a hundred organizations and steal their sensitive data. Now, another threat actor, BlackCat (AKA ALPHV), has successfully leveraged the same vulnerability to target an unnamed U.S. business.

The Latest Exploitation

According to cybersecurity researchers at At-Bay, the BlackCat ransomware group targeted the U.S. business back in February 2023, using the GoAnywhere MFT vulnerability to gain access and steal sensitive data. This latest attack has raised concerns among experts, as the GoAnywhere MFT vulnerability is becoming a popular target for cybercriminals.

Goanywhere Mft Security Flaw
Goanywhere Mft Security Flaw

The Importance of Remediation

As At-Bay’s Ido Lev writes, “the vulnerability is a good example of how cybercriminals don’t just go after the most prevalent or publicly-known CVE disclosures. The most important indicator of risk isn’t just the score that’s given to the vulnerability, but how easily it can be exploited by cybercriminals in-the-wild, at scale, to achieve a desired outcome.” This means that even vulnerabilities with low scores can still be exploited by cybercriminals if they are easy to exploit.

The GoAnywhere MFT Vulnerability

The GoAnywhere MFT vulnerability exploited by both Clop and BlackCat is a zero-day remote code injection exploit, which was identified by Fortra, the company behind the product. The attack vector of this exploit requires access to the administrative console of the application, which in most cases is accessible only from within a private company network, through VPN, or by allow-listed IP addresses (when running in cloud environments, such as Azure or AWS).

Companies Affected

Among the compromised companies are Hitachi Bank, Hatch Energy, Saks Fifth Avenue, Procter & Gamble, and many more. These high-profile companies have suffered significant financial and reputational damage as a result of the data breaches.

Protection Against GoAnywhere MFT Exploits

To protect against GoAnywhere MFT exploits, researchers recommend that users make sure to apply the latest patch and get their software up to at least version 7.1.2. This will ensure that the vulnerability is no longer exploitable and that the system is secure.

The exploitation of the GoAnywhere MFT vulnerability by both Clop and BlackCat highlights the importance of staying up to date with the latest patches and security protocols. Cybercriminals are constantly evolving their tactics and techniques, and it is crucial for businesses to remain vigilant and proactive in protecting their systems and data.


TechBeams Team of seasoned technology writers with several years of experience in the field. The team has a passion for exploring the latest trends and developments in the tech industry and sharing their insights with readers. With a background in Information Technology. TechBeams Team brings a unique perspective to their writing and is always looking for ways to make complex concepts accessible to a broad audience.

Leave a Reply

Back to top button