"Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm"
Sustainable energy giant Hitachi Energy has recently blamed a data breach affecting employees on the exploitation of a recently disclosed zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software. Hitachi Energy said the Cl0p ransomware gang targeted the GoAnywhere product and may have gained unauthorized access to employee data in some countries. The company noted that upon learning of this event, they took immediate action and initiated their own investigation, disconnected the third-party system, and engaged forensic IT experts to help them analyze the nature and scope of the attack. Employees who may be affected have been informed. The company noted that they have notified applicable data privacy, security, and law enforcement authorities and continue cooperating with the relevant stakeholders. The company stated that it had found no evidence that its network operations and customer data had been compromised. Hitachi Energy has its global headquarters in Switzerland. The company serves organizations in the utility, industrial, and infrastructure sectors across 140 countries and employs roughly 40,000 people. The vulnerability exploited in the attack is CVE-2023-0669, a remote code execution flaw whose existence was disclosed by Fortra on February 1 after attacks exploiting it were detected. A patch was released a week later.