Security Organization Rubrik Affected by the GoAnywhere Zero-day Attacks
Rubrik Confirms Data Breach After Hackers Publish a Sample.
Rubrik, the cybersecurity giant, confirmed a data breach. The incident was caused by a large-scale attack using a zero-day vulnerability in the Fortra GoAnywhere platform. GoAnywhere is a secure data transfer business solution for encrypted files.
The announcement comes after the Clop ransomware gang published a sample of the stolen data. Organizations use Rubrik's cloud data management service for data backup, recovery services, and disaster recovery solutions.
Details About the Rubrik Data Breach
We detected unauthorized access to a limited amount of information in one of our non-production IT testing environments as a result of the GoAnywhere vulnerability. Importantly, based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorized access did NOT include any data we secure on behalf of our customers via any Rubrik products.
With the help of a third-party firm, the company established that the threat actors did not move laterally. The affected data consists of internal sales details (customer and partner company names, business contact information, and some of the purchase orders from Rubrik distributors). Social security numbers, financial account numbers, and payment card numbers are safe.
Security specialists took the corrupted environment offline, contained the data breach, and then restored the test environment.
The Fortra GoAnywhere Attacks
Fortra GoAnywhere attacks affected over 100 organizations worldwide earlier this year. The Clop ransomware gang claims to be behind them, using a zero-day vulnerability to leak data. Fortra released a patch for the exploited vulnerability in February 2023.
The cybercriminals posted a sample of Rubrik’s data and announced that they will soon publish all the stolen information. The gang is sending extortion messages to pressure the victims while adding them to the site.
One of the listed victims, Hatch Bank, already disclosed a data breach from the attacks, stating that the attackers stole customers’ names and social security numbers.