Ransomware Strikes Again: Fortra GoAnywhere Vulnerability Exploited by Chinese Hackers!
Chinese ransomware group Storm-1175 turned Fortra GoAnywhere MFT into a zero-day buffet, exploiting a deserialization flaw for remote code execution. With a CVSS score of 10/10, this flaw was like a backstage pass to hacking heaven. Now, the only thing more elusive than the attackers’ private keys is Fortra’s updated advisory.

Hot Take:
Oh, the drama! Fortra’s GoAnywhere MFT feels like it’s in a cyber episode of “Whodunit?” with a mysterious Chinese ransomware group, Storm-1175, stealing the show. The plot twist? It’s all about a tiny flaw that turned into a massive headache. If this were a blockbuster movie, it’d be called “The Zero-Day Exploitation: Rise of the Bugs.”
Key Points:
- Fortra’s GoAnywhere MFT hit by a vulnerability tracked as CVE-2025-10035, with a perfect 10/10 CVSS score.
- Chinese ransomware group Storm-1175 has exploited it as a zero-day since September 11.
- RCE was achieved using forged license response signatures, after which RMM tools and ransomware were deployed.
- Fortra hasn’t updated its advisory despite evidence and warnings from cybersecurity firms.
- Success of the exploitation hinges on attackers accessing a ‘serverkey1’ private key.