
A GoAnywhere MFT Hack Leads to Hatch Bank Data Breach


 

Hackers exploited a zero-day vulnerability in Hatch Bank's internal file transfer software and gained access to thousands of customers' Social Security numbers, according to Hatch Bank, a digital-first bank that provides infrastructure for fintech companies offering their own branded credit cards.

According to Hatch Bank, the breach affected almost 140,000 customers after hackers accessed sensitive customer information on its Fortra GoAnywhere MFT secure file-sharing platform, which allows customers to access their online accounts from anywhere.

In addition to providing small businesses with access to a variety of banking services, Hatch Bank is also a financial technology company. 

TechCrunch reported today that hackers exploiting a vulnerability in the GoAnywhere MFT software stole the data of 139,493 customers, and that the breach was submitted to the Attorney General's office for investigation.

According to the notification that Hatch Bank sent out, Fortra experienced a cyber incident on January 29, 2023, after discovering a vulnerability in its software.

Fortra notified Hatch Bank of the incident on February 3, 2023, informing the bank that files contained on Fortra's GoAnywhere site had been compromised. According to Hatch, it obtained the stolen data, reviewed it, and found that the attackers had obtained customer names and Social Security numbers.

Affected customers of the bank are entitled to a free twelve-month credit monitoring service from the bank as part of their compensation package. 

Earlier this month, Community Health Systems (CHS) revealed it had suffered a data breach caused by the GoAnywhere MFT attack, making the Hatch Bank incident the second confirmed breach in the past month.

GoAnywhere Breaches Linked to Clop Ransomware

Despite Hatch Bank not disclosing which threat actor was responsible for the attack, BleepingComputer was told that the Clop ransomware gang conducted these attacks. 

Approximately 130 organizations were breached and their data was stolen. It has been claimed that the ransomware group exploited the zero-day vulnerability in Fortra's GoAnywhere MFT platform to steal data for over ten days.

The vulnerability is now tracked as CVE-2023-0669 and is a remote code execution flaw that allows remote threat actors to access servers. After learning that it was being actively exploited in attacks, GoAnywhere disclosed the vulnerability to its customers in early February.

It was revealed that an exploit was used against the platform on February 7th, only a day before it was patched.

Fortra did not respond to our emails requesting more information about the attacks, and BleepingComputer was unable to independently confirm Clop's assertion that it was behind them.

The GoAnywhere MFT attacks were also linked to TA505, the hacking group well known for deploying Clop ransomware, according to Huntress Threat Intelligence Manager Joe Slowik.

In December 2020, Clop used a similar tactic, exploiting a zero-day vulnerability in Accellion's File Transfer Appliance (FTA) system to steal data from companies worldwide.

With Accellion FTA, organizations have a secure way of sharing files with their clients, much like they would with GoAnywhere MFT. 

The Clop ransomware gang gave the victims of these attacks an ultimatum, demanding a $10 million ransom in return for not publishing the stolen data.

Numerous organizations have disclosed related breaches; Morgan Stanley, Qualys, Shell, and Kroger are a few of the most notable companies that disclosed breaches related to the Accellion FTA attacks. Several universities around the world, including Stanford Medicine, the University of Colorado, UCLA, and the University of Colorado-Boulder, were also affected by the incident.

For the GoAnywhere MFT attacks, Clop may well demand a similar ransom from its victims. If the gang follows similar tactics, the stolen data will soon appear on its data leak site.