Cybercriminals Exploit Fortra's GoAnywhere Bug, Deploy Medusa Ransomware
Cybercriminals have been exploiting a vulnerability in Fortra's GoAnywhere file transfer solution to deploy the Medusa ransomware. The cybersecurity firm watchTowr had warned users about the vulnerability weeks before the Cybersecurity and Infrastructure Security Agency (CISA) issued a notice.
Microsoft observed the exploitation of the vulnerability on September 11, the same day Fortra discovered the bug. The Medusa ransomware is believed to be distributed by the cybercriminal group Storm-1175, which has been active since September 2025. This group is known for exploiting vulnerabilities in software like GoAnywhere MFT.
Since 2021, the Medusa ransomware has been used to attack over 300 organizations in critical infrastructure sectors, according to CISA and the FBI. After initial access, the attackers used the remote monitoring tools SimpleHelp and MeshAgent for lateral movement within the compromised network. Fortra initially warned the public about the bug on September 18 but did not disclose whether it was being exploited by cybercriminals.
CISA confirmed that the vulnerability, CVE-2025-10035, has been exploited and ordered federal civilian agencies to patch it by October 20. The vulnerability allows attackers to gain initial access, perform system and user discovery, and deploy additional tools for lateral movement and malware. The exploitation activity is attributed to the cybercriminal group Storm-1175, which is known for deploying Medusa ransomware.