The Clop ransomware gang claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations.
The security flaw, now tracked as CVE-2023-0669, enables attackers to gain remote code execution on unpatched GoAnywhere MFT instances with their administrative console exposed to Internet access.
Clop reached out to BleepingComputer and told us that they had allegedly stolen the data over the course of ten days after breaching servers vulnerable to exploits targeting this bug.
They also claimed that they could move laterally through their victims’ networks and deploy ransomware payloads to encrypt their systems but decided against it and only stole the documents stored on the compromised GoAnywhere MFT servers.
The gang refused to provide proof or share additional details regarding their claims when BleepingComputer asked them when the attacks began, if they’d already started extorting their victims, and what ransoms they were asking for.
