Hitachi Energy confirms employee data leak after CL0p attack

Hitachi Energy faces zero-day vulnerability breach by Goanywhere Group

Hitachi Energy has fallen victim to a zero-day vulnerability breach in the Fortra Goanywhere Mft product by the CL0p group, a well-known hacking entity. The vulnerability in question is CVE-2023-0669, which earned a 7.2 severity score on the Common Vulnerability Scoring System.

The breach saw the hackers using the zero-day vulnerability to access Hitachi’s internal systems, prompting the energy company to shut down the affected system swiftly. An internal investigation has since been launched to determine the extent of the breach and the amount of data stolen.

The CL0p group made Hitachi aware of the breach on their site, prompting the company to inform all affected employees, relevant data protection authorities, and law enforcement agencies.

The Goanwhere MFT product Fortra – which has been found to have the vulnerability – has been a point of focus for the CL0P gang recently, with the group stating that they’ve managed to abduct data from over 130 companies.

Hitachi Energy is now part of the growing list of companies facing extortion from the CL0P group. The energy company has yet to make a statement on whether they plan on paying the ransom or not, but the incident highlights the growing concern of cybercrimes targeting businesses worldwide.

/Reports, release notes, official announcements.