Vulnerability of corporate file transfer service GoAnywhere is actively exploited by cybercriminals

Fortra has not yet released a security patch to fix the situation.


According to cybersecurity giant Rapid7, attackers are currently actively exploiting a zero-day vulnerability in Fortra’s GoAnywhere enterprise data transmission tool.

GoAnywhere MFT is a file transfer management product that provides automation and security for organizations. This web tool is used by dozens of large companies and educational institutions in the United States.

File sharing platforms such as GoAnywhere MFT are easy targets for hackers because of the data they can contain and their ubiquity in organizations. For example, vulnerabilities in a similar service, Accellion, were repeatedly used to attack financial and government institutions, universities and corporations. The popular FileZen has also repeatedly been a target of hackers in recent years.

On Wednesday, February 1, Fortra published a report on its client portal explaining that the vulnerability is related to remote code injection, and that hackers need access to the administrator console to exploit it successfully. The company has not yet released a security patch, so the vulnerability remains unfixed at the time of publication.

The company warned customers that if their organization's GoAnywhere administrative console is currently reachable from the Internet, they are strongly encouraged to contact Fortra support as a matter of urgency to set up secure access to the console for select sources only.

Security expert Kevin Beaumont shared Shodan search results that identified over 1,000 vulnerable administrative console instances accessible from the Internet.

Fortra advises GoAnywhere MFT customers to check the list of users with administrative access, and also to check if new unknown users have appeared on the system.

Source: www.securitylab.ru
