Last Updated on 17/03/2023 by TheDigitalHacker
Hitachi Energy, a global technology and infrastructure company, has recently confirmed that it suffered a data breach due to cyberattacks from the Clop and GoAnywhere ransomware groups. This news comes after reports surfaced earlier this week that Hitachi Energy had become the latest victim of these ransomware attacks.
In response to the breach, the company released a statement acknowledging the attack and stating that it has taken measures to secure its systems and investigate the incident.
Hitachi, The company did not provide specific details about the number of affected individuals or the extent of the stolen data, they did confirm that sensitive information, including employee and customer data, had been stolen.
As is common with many data breaches, Hitachi Energy has promised to provide further updates on the incident as the investigation progresses. It is also likely that the company will take additional measures to prevent future attacks and ensure the security of its systems going forward.
How did the attack happen?
The attack happened after one of the cloud and software suppliers of Hitachi had a vulnerability in the software Fortra MFT GoAnywhere, a managed transfer file software.
Related: GoAnywere parent company Rubrik confirms data theft
A series of events due to a single vulnerability
On February 6, 2023, an exploit for CVE-2023-0669 was publicly released, and on February 10, 2023, Clop declared that it had already breached 130 organizations leveraging the vulnerability in GoAnywhere MFT.
- On February 14, 2023, the first victim to confirm a breach from these attacks was healthcare giant Community Health Systems (CHS),
- On March 2nd, 2023, the fintech platform Hatch Bank declared a similar issue.
- Clop, which is a grand of hackers, began actively extorting Fortra’s customers a few days later. The proposal was not to release stolen data in exchange for ransom.
Rubrik, On march 14th 2023, After being added to the data leak site, confirmed that there was a breach. It felt like they have been knowing this for quite some time and kept their mouth shut and claimed that only non-production IT testing environments were affected but not any customer data.