Australia’s gambling and entertainment giant Crown Resorts, disclosed a data breach caused by the exploitation of recently discovered GoAnywhere zero-day.
Australian casino giant Crown Resorts disclosed a data breach after the attack of the Cl0p ransomware group. The group claims to have stolen sensitive data from over 130 organizations by exploiting a zero-day vulnerability (CVE-2023-0669) in Fortra’s GoAnywhere MFT secure file transfer tool, BleepingComputer reported.
The Australian casino giant is one of the victims of this campaign. The incident took place in January, but the company disclosed the data breach this week.
“We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files. We are investigating the validity of this claim as a matter of priority.” reads the statement published by the company on March 27, 2023. “We can confirm no customer data has been compromised and our business operations have not been impacted. We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary.”
The Cl0p ransomware group added Crown Resorts to the list of victims published on its Tor leak site.
Some of the organizations that were hacked by exploiting the GoAnywhere zero-day are Atos, City of Toronto, Community Health Systems, Hatch Bank, Hitachi Energy, Procter & Gamble, Rio Tinto, Rubrik, and Virgin Red.
[출처 : SecurityAffairs / 3.29.]