Hitachi Energy has confirmed that it suffered a data breach after the Clop ransomware gang stole data using a GoAnyway zero-day vulnerability.
Hitachi Energy is a division of Japanese engineering and technology giant Hitachi focused on energy solutions and power systems. It has an annual income of $10 billion.
The attack was made possible by exploiting a zero-day vulnerability in Fortra GoAnywhere MFT (Managed File Transfer), first communicated on February 3, 2023and now tracked as CVE-2023-0669.
“We recently learned that a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) fell victim to an attack by ransomware group CLOP which may have led to unauthorized access to employee data in certain countries,” said Hitachi in a Press statement.
The company says it immediately responded to the incident, took the affected system offline (GoAnywhere MFT) and launched an internal investigation to determine the impact of the breach.
All affected employees, applicable data protection authorities and law enforcement agencies have been notified of the security incident directly by Hitachi.
“To date, we have no information that neither our network operations nor the security or reliability of customer data have been compromised,” the firm’s statement said.
The impact is starting to take shape
When Fortra admitted day zero for its GoAnywhere secure file sharing product in early February, BleepignComputer believed it could have a similar impact to previous hacks that targeted a similar product, Accellion FTA, in 2021.
At the time, it was also the Clop ransomware group that took advantage of the security breach to breach many prominent organizations around the world.
On February 6, 2023, an exploit for CVE-2023-0669 was released. releasedand on February 10, 2023, Clop said he had already violated 130 organizations take advantage of the vulnerability in GoAnywhere MFT.
The first victim to confirm a breach of these attacks was healthcare giant Community Health Systems (CHS) on February 14, 2023, while the fintech platform hatch bank followed by a similar statement on March 2, 2023.
Clop started actively extort Fortra customers days later, adding numerous victims to its extortion portal and demanding ransom payments for not publicly disclosing the stolen data.
On March 14, 2023, after being added to the data leak site, the cybersecurity company Rubrik admitted to being impacted by exploit CVE-2023-0669, but clarified that the breach only affected a non-production IT test environment, not customer data.