Hitachi Energy, a department of Japanese engineering and technology giant Hitachi, confirmed a data breach after the Clop ransomware gang exploited a zero-day vulnerability in Fortra GoAnywhere MFT (Managed File Transfer). The vulnerability, first disclosed on February 3, 2023, is tracked as CVE-2023-0669. Hitachi Energy said in a press statement, "We recently learned that a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) was the victim of an attack by the CLOP ransomware group that could have resulted in unauthorized access to employee data in some countries." The company responded by disconnecting the impacted system and initiating an internal investigation. Affected employees, data protection authorities, and law enforcement agencies were informed directly by Hitachi. The firm assured that, to date, there is no information suggesting that network operations, security, or customer data have been compromised.
The zero-day vulnerability in Fortra GoAnywhere MFT was first disclosed at the beginning of February 2023. It was estimated that the impact could be similar to previous hacks that targeted Accellion FTA in 2021, where the Clop ransomware group also took advantage of a security flaw to breach numerous high-profile organizations globally. On February 6, 2023, an exploit for CVE-2023-0669 was publicly released, and on February 10, 2023, Clop announced that it had already breached 130 organizations using the vulnerability. The first victim to confirm a breach from these attacks was healthcare giant Community Health Systems (CHS) on February 14, 2023, followed by fintech platform Hatch Bank on March 2, 2023.
Clop began actively extorting Fortra's customers a few days later, adding many victims to its extortion portal and demanding ransom payments to not publicly release stolen data. On March 14, 2023, cybersecurity firm Rubrik admitted they were impacted by CVE-2023-0669 exploitation but clarified that the breach only affected a non-production IT testing environment, not any customer data. As Hitachi Energy is the latest company to confirm a data breach following the Clop ransomware attack, it highlights the ongoing threat posed by ransomware groups and the importance of addressing vulnerabilities in third-party software.