Another giant company has fallen victim to bad actors exploiting a vulnerability in the Fortra GoAnywhere Managed File Transfer system. Crown Resorts, the largest gambling and leisure company in Australia, has confirmed that a ransomware gang contacted it, claiming to have access to some of the company's data.
GoAnywhere Zero-Day Vulnerability Allows Bad Actors to Steal Data From Several Organizations
As reported by Bleeping Computer, the group behind the Crown Resorts data breach is the Clop ransomware gang. The gang started with file encryption, but its operations have become more ambitious over the years, and it now targets large companies to extort money after illegally obtaining their data.
Even though Crown Resorts confirmed Clop's extortion attempt, the company said that the ransomware group does not appear to hold customer data. At this point, the company describes the data the group stole from its networks as "limited."
As per Crown Resorts' statement regarding the data breach issue, there is no evidence that the data breach affected the company's customers.
"We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files," the statement reads. "We are investigating the validity of this claim as a matter of priority. We can confirm no customer data has been compromised, and our business operations have not been impacted."
The Clop ransomware group was able to steal data by exploiting a GoAnywhere zero-day vulnerability. In February, the gang claimed that it had stolen data from 130 companies by using this vulnerability.
The zero-day vulnerability in the Fortra GoAnywhere MFT system was identified as CVE-2023-0669. The group claimed to have stolen sensitive data ten days after using the bug to get access to the servers of different organizations.
GoAnywhere released a security advisory on the zero-day vulnerability in the MFT system, saying that exploiting the security flaw requires "access to the administrative console of the application, which in most cases is accessible only from within a private company network, through VPN, or by allow-listed IP addresses."
How Bad Actors Use Stolen Data From Big Companies
Crown Resorts, a Blackstone-owned firm, operates big establishments in Melbourne, Perth, Sydney, Macau and London, with annual revenue exceeding $8 billion. The company is not the sole Australian organization targeted by ransomware attacks, as a data breach at Latitude Group compromised the driver's license numbers of 8 million people in Australia and New Zealand.
Rio Tinto, an Australian mining company, was also contacted by bad actors threatening to release data stolen from the company. The data is said to include payroll information of its employees, according to Gambling News. So far it has remained only a threat, as the stolen data has not been released to the public. The mining giant is still verifying the ransomware gang's claims, although Rio Tinto recognizes that some of its data "may be impacted."