Hitachi Energy Confirms Security Breach as Clop Ransomware Targets Company in Cyber Attack

Hitachi Energy has confirmed that it experienced a data breach that resulted in the theft of its data by the Clop ransomware group, which exploited a GoAhead zero-day vulnerability.

Hitachi Energy is a subsidiary of the Japanese engineering and technology conglomerate, Hitachi, which specializes in energy solutions and power systems. The company generates an annual revenue of $10 billion.

At this time, it is unclear whether Hitachi Energy was targeted for a ransom or if any of its services were disrupted as a result of the cyber attack. Despite the alleged incident, the company’s website remains accessible.

Hitachi has issued an official statement acknowledging the security incident, stating that a third-party software provider named FORTRA GoAnywhere MFT (Managed File Transfer) was targeted in an attack by the Clop ransomware group. The statement further notes that the attack may have resulted in unauthorized access to employee data in certain countries.

According to Hitachi’s statement, the company responded promptly to the incident by disconnecting the affected system, FORTRA GoAnywhere MFT, and launching an internal investigation to assess the extent of the breach’s impact.

Hitachi has stated that it notified all impacted employees, relevant data protection authorities, and law enforcement agencies of the security incident directly.

In its statement, Hitachi has provided reassurance that, as of the time of the statement, the company has no information to suggest that either its network operations or the security and reliability of customer data has been compromised in the breach.

Fortra disclosed the existence of the zero-day vulnerability in its GoAnywhere secure file-sharing product at the beginning of February. At that time, security publication BleepingComputer speculated that the impact of the vulnerability could be comparable to the recent Accellion FTA hacks that occurred in 2021.

On March 14, 2023, cybersecurity firm Rubrik confirmed that it had been impacted by the exploitation of CVE-2023-0669, after being added to the data leak site. However, the company clarified that the breach was limited to a non-production IT testing environment and did not affect any customer data.