Rubrik confirms attack exploiting GoAnywhere zero-day vulnerability

Rubrik, a cloud data management and security provider, has confirmed that it fell victim to an attack exploiting a GoAnywhere zero-day vulnerability. Rubrik was named on the leak website of the ransomware group Cl0p. In early February, Fortra, previously known as HelpSystems, had warned users of its GoAnywhere managed file transfer software about a remote code injection exploit; the underlying flaw was patched about a week later.


The hackers had exploited the vulnerability to gain access to information about GoAnywhere customers, which they planned to use to extort victims. Representatives from Cl0p had claimed that more than 130 organizations had been affected through the GoAnywhere zero-day exploit.

Although Rubrik’s investigation found no evidence that data was compromised for its customers or that there was any lateral movement to other systems, Michael Mestrovich, Rubrik’s CISO, said that the company had detected unauthorized access to a “limited amount of information” in one of its non-production IT testing environments. A thorough review conducted with the assistance of third-party experts found that the data in question primarily comprised internal sales information, such as the names of customers and partner companies, business contact details, and a restricted number of purchase orders from Rubrik distributors. Fortunately, no sensitive personal data, such as social security numbers, financial account numbers, or payment card numbers, was compromised.