Cybercriminals Exploit Fortra's GoAnywhere Vulnerability, Deploy Medusa Ransomware
Cybersecurity authorities have recently revealed that the notorious cybercriminal group, Storm-1175, has been exploiting a critical vulnerability in Fortra's GoAnywhere file transfer solution. The group is known for deploying the Medusa ransomware, causing significant disruption to various systems.
The vulnerability, identified as CVE-2025-10035, was discovered by Fortra on September 11. Microsoft's report, published on September 21, 2025, detailed the exploitation activity involving this bug. After successful exploitation, attackers can perform system and user discovery, maintain long-term access, and deploy additional tools for lateral movement and malware delivery. In one compromised environment, Medusa ransomware was successfully deployed.
WatchTowr had warned GoAnywhere users that the vulnerability was being exploited weeks before CISA's notice. After initial access, hackers used the SimpleHelp and MeshAgent remote monitoring tools for lateral movement within the compromised network. CISA confirmed the vulnerability's exploitation and ordered federal civilian agencies to patch the bug by October 20.
The cybercriminal group Storm-1175 has been exploiting a critical vulnerability in Fortra's GoAnywhere solution, leading to the deployment of Medusa ransomware. With federal agencies ordered to patch the bug, it is crucial for all GoAnywhere users to apply the necessary updates to protect their systems from potential attacks.