Company Comunity Health Systems (CHS) indicated its statement dated 13 February, which was influenced by a recent wave of attacks, organized by the hacker group Clop. Attacks were aimed at the zero day’s vulnerability in the Goanywhere MFT file transfer platform from Fortra. The investigation showed that as a result of data leakage, personal and medical information of almost a million patients suffered.
“Although this investigation is still ongoing, the company believes that the attacks did not affect any of the company’s information systems and that there were no significant failures in the company’s business operations, including assistance to patients. As for personal and medical information , as a result of hacking, according to the company’s estimates, this attack could attend about a million people, ”the ChS said in a statement. The company also added that it would offer services to protect against theft of personal data and notify all the victims whose information was disclosed as a result of a hack.
CHS is a leading supplier of medical services, which manages 79 subsidiaries of emergency care hospitals and over a thousand other points of medical care throughout the United States.
The Clop extortionist gang, although she took responsibility for the Val, did not provide any evidence or additional details regarding her attacks. However, one of the employees of Huntress discovered relations between the attacks of Goanywhere MFT and TA505, a group known in the past introduced CLOP robbers programs. Therefore, it is unlikely that hackers are trying to deceive someone.
If Clop will follow his usual extortion strategy, probably in the near future it is worth waiting for the massive drain of those companies that refused to pay money ransom to attackers.
Fortra, which developed Goanywhere MFT, told its clients that the new zero-day vulnerability under the identifier CVE-2023-0669 is actively used in the wild (itW). Fortra very quickly released safety updates after POC exploits appeared on the network are usually classified and called by: type of vulnerability that they use; whether they are local or remote; as well as the result of the start of exploit (for example, EOP, DOS, Spulting). One of the schemes offering explosion of zero day is Exploit-A-A-Service.