Security giant Rubrik says hackers used Fortra zero-day to steal internal data


Silicon Valley-based data security firm Rubrik has come forward as the latest victim of the Fortra GoAnywhere zero-day vulnerability, which has been linked to hacks targeting a hospital chain and a financial institution.

In a blog post published on Tuesday, Rubrik’s chief information security officer Michael Mestrovich said that attackers had gained access to the company’s non-production IT testing environments as a result of the flaw in Fortra’s GoAnywhere file-transfer software, which Rubrik uses for sharing internal data.

This vulnerability, tracked as CVE-2023-0669, first came to light on February 2 after security journalist Brian Krebs publicly shared details of Fortra’s paywalled security advisory. Fortra released a patch for the actively exploited flaw five days later on February 7.

Mestrovich said that since learning of the flaw last month, Rubrik carried out a “comprehensive review” of the affected data with an unnamed third-party firm, which found that the data accessed primarily consists of Rubrik internal sales information, including “certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors.”

“The third-party firm has also confirmed that no sensitive personal data such as Social Security numbers, financial account numbers, or payment card numbers were exposed,” Mestrovich said.

Rubrik provides enterprise data management and backup services across on-premise, cloud and hybrid networks.

In a statement, Rubrik spokesperson Najah Simmons told TechCrunch that the “unauthorized access did not include any data we secure on behalf of our customers via any Rubrik products.” Simmons declined to answer any further questions, such as whether Rubrik has received or been made aware of a demand for payment.

Rubrik’s confirmation comes just hours after a listing naming the company appeared on the dark web leak site of the Clop ransomware gang. Samples of stolen data published by Clop, and seen by TechCrunch, align with Rubrik’s statement that it comprised largely corporate information.

The Russia-linked Clop gang claims to have exploited the zero-day flaw to steal data from more than 130 organizations — including Hatch Bank, and Community Health Systems, which last week confirmed in a filing with the Maine attorney general’s office that the hackers accessed medical billing and insurance information, diagnostic and medication data, and Social Security numbers.

Back in 2019, Rubrik suffered a security lapse that exposed a large database of customer information. An exposed server that wasn’t protected with a password left tens of gigabytes of data, including customer names, contact information and casework for each corporate customer, accessible to anyone who knew the IP address of the server.


Security giant Rubrik says hackers used Fortra zero-day to steal internal data, by Carly Page, originally published on TechCrunch