Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day vulnerability.
Hitachi Energy is a department of Japanese engineering and technology giant Hitachi focused on energy solutions and power systems. It has an annual revenue of $10 billion.
The attack was made possible by exploiting a zero-day vulnerability in the Fortra GoAnywhere MFT (Managed File Transfer), first disclosed on February 3, 2023, and now tracked as CVE-2023-0669.
“We recently learned that a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) was the victim of an attack by the CLOP ransomware group that could have resulted in an unauthorized access to employee data in some countries,” Hitachi said in a press statement.
The firm says it responded to the incident immediately, disconnected the impacted system (GoAnywhere MFT), and initiated an internal investigation to determine the breach’s impact.
All affected employees, applicable data protection authorities, and law enforcement agencies have been informed of the security incident directly by Hitachi.
“To date, we have no information that neither our network operations nor the security or reliability of customer data have been compromised,” assures the firm’s statement.
Impact is starting to take shape
When Fortra admitted the zero-day on for its GoAnywhere secure file-sharing product at the start of February, BleepignComputer estimated that it could have a similar impact to previous hacks that targeted a similar product, Accellion FTA, in 2021.
Back then, it was also the Clop ransomware group that took advantage of the security flaw to breach numerous high-profile organizations globally.
On February 6, 2023, an exploit for CVE-2023-0669 was publicly released, and on February 10, 2023, Clop declared that it had already breached 130 organizations leveraging the vulnerability in GoAnywhere MFT.
The first victim to confirm a breach from these attacks was healthcare giant Community Health Systems (CHS) on February 14, 2023, while fintech platform Hatch Bank followed with a similar statement on March 2, 2023.
Clop began actively extorting Fortra’s customers a few days later, adding many victims to its extortion portal and demanding ransom payments to not publicly release stolen data.
On March 14, 2023, after being added to the data leak site, cybersecurity firm Rubrik admitted they were impacted by CVE-2023-0669 exploitation but clarified that the breach only affected a non-production IT testing environment, not any customer data.
