Security giant Rubrik says hackers used Fortra zero-day to steal internal data

by Ana Lopez

Silicon Valley-based data security firm Rubrik has emerged as the latest victim of the Fortra GoAnywhere zero-day vulnerability, which has been linked to hacks targeting a hospital chain and a bank.

In a blog post, Michael Mestrovich, Rubrik’s chief information security officer, said on Tuesday that attackers gained access to the company’s non-production IT test environments as a result of the flaw in Fortra’s GoAnywhere file transfer software, which Rubrik uses for internal file sharing.

This vulnerability, tracked as CVE-2023-0669, first came to light on February 2 after security journalist Brian Krebs publicly shared details of Fortra’s paywalled security advisory. Fortra released a patch for the actively exploited flaw five days later on February 7.

Mestrovich said that since learning of the flaw last month, Rubrik has conducted a “comprehensive review” of the affected data with an undisclosed third-party company, which revealed that the data accessed consists primarily of Rubrik’s internal sales information, including “certain customer and partner data, company names, business contact information and a limited number of purchase orders from Rubrik distributors.”

“The third-party company has also confirmed that no sensitive personal information such as social security numbers, financial account numbers or payment card numbers has been released,” Mestrovich said.

Rubrik provides enterprise data management and backup services for on-premises, cloud, and hybrid networks.

In a statement, Rubrik spokesperson Najah Simmons said that the “unauthorized access did not include data that we have secured through Rubrik products on behalf of our customers.” Simmons declined to answer additional questions, such as whether Rubrik received or was notified of a request for payment.

Rubrik’s confirmation comes just hours after a listing with the company’s name appeared on the Clop ransomware gang’s dark web leak site. Examples of stolen data published by Clop are consistent with Rubrik’s statement that it consisted primarily of corporate information.

The Russia-affiliated Clop gang claims to have exploited the zero-day flaw to steal data from more than 130 organizations — including Hatch Bank and Community Health Systems, which confirmed last week in a filing with the Office of the Attorney General of Maine that the hackers had access to medical billing and insurance information, diagnostic and medication data, and social security numbers.

In 2019, Rubrik suffered a security breach that exposed a massive database of customer information. An exposed server that was not password protected left tens of gigabytes of data, including customer names, contact information and records for each business customer, accessible to anyone who knew the server’s IP address.
