Hitachi Energy confirms data breach after Clop GoAnywhere attacks

Hitachi

Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day vulnerability.

Hitachi Energy is a department of Japanese engineering and technology giant Hitachi focused on energy solutions and power systems. It has an annual revenue of $10 billion.

The attack was made possible by exploiting a zero-day vulnerability in the Fortra GoAnywhere MFT (Managed File Transfer), first disclosed on February 3, 2023, and now tracked as CVE-2023-0669.

1/1 Continue watching after the ad Loading PodsVisit Advertiser websiteGO TO PAGE

“We recently learned that a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) was the victim of an attack by the CLOP ransomware group that could have resulted in an unauthorized access to employee data in some countries,” Hitachi said in a press statement.

The firm says it responded to the incident immediately, disconnected the impacted system (GoAnywhere MFT), and initiated an internal investigation to determine the breach’s impact.

All affected employees, applicable data protection authorities, and law enforcement agencies have been informed of the security incident directly by Hitachi.

“To date, we have no information that neither our network operations nor the security or reliability of customer data have been compromised,” assures the firm’s statement.

Clop listed Hitachi yesterday on the extortion portal
Clop ransomware listed Hitachi yesterday on its extortion portal (BleepingComputer)

Impact is starting to take shape

When Fortra admitted the zero-day on for its GoAnywhere secure file-sharing product at the start of February, BleepignComputer estimated that it could have a similar impact to previous hacks that targeted a similar product, Accellion FTA, in 2021.

Back then, it was also the Clop ransomware group that took advantage of the security flaw to breach numerous high-profile organizations globally.

On February 6, 2023, an exploit for CVE-2023-0669 was publicly released, and on February 10, 2023, Clop declared that it had already breached 130 organizations leveraging the vulnerability in GoAnywhere MFT.

The first victim to confirm a breach from these attacks was healthcare giant Community Health Systems (CHS) on February 14, 2023, while fintech platform Hatch Bank followed with a similar statement on March 2, 2023.

Clop began actively extorting Fortra’s customers a few days later, adding many victims to its extortion portal and demanding ransom payments to not publicly release stolen data.

On March 14, 2023, after being added to the data leak site, cybersecurity firm Rubrik admitted they were impacted by CVE-2023-0669 exploitation but clarified that the breach only affected a non-production IT testing environment, not any customer data.


Original Source


 


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

join
Telegram
discord
Discord
reddit
Reddit
linkedin
LinkedIn