Cyber Incident Victim: Hitachi Energy
Date:
Feb 2023
Location:
Japan
Summary
Hitachi Energy experienced a data breach after the Clop ransomware group exploited a zero-day vulnerability in Fortra's GoAnywhere MFT file transfer solution, potentially compromising employee data in certain regions. The company promptly disconnected the affected third-party system, launched an internal investigation with forensic experts, and notified impacted personnel alongside relevant data protection and law enforcement authorities. While unauthorized access to some employee information occurred, the firm confirmed no compromise to its operational networks, customer data security, or service reliability. This incident was part of a broader campaign by Clop targeting multiple organizations through the same vulnerability.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Hitachi Energy, a division of the Japanese conglomerate Hitachi specializing in energy solutions, confirmed a data breach in March 2023 resulting from a third-party software compromise. The incident stemmed from the exploitation of a zero-day vulnerability (CVE-2023-0669) in Fortra’s GoAnywhere Managed File Transfer (MFT) platform, first disclosed on February 3, 2023. The Clop ransomware group leveraged this vulnerability to gain unauthorized access to employee data across some of Hitachi Energy’s international operations. Upon learning of the Fortra breach, Hitachi Energy immediately disconnected the affected GoAnywhere MFT system from its network and initiated an internal investigation to assess the scope of the intrusion. The company engaged forensic IT experts to analyze the attack’s nature and confirmed that the breach impacted employee personal information in certain countries. Hitachi Energy directly notified all affected employees, provided them with support resources, and reported the incident to relevant data protection authorities and law enforcement agencies. The firm emphasized in public statements that its core network operations, customer data security, and service reliability remained uncompromised throughout the event.
The broader context of the attack revealed systemic risks, as Clop had exploited the same GoAnywhere vulnerability to target at least 130 organizations by February 10, 2023, shortly after a public exploit was released on February 6. Healthcare provider Community Health Systems (CHS) and fintech firm Hatch Bank were among the first to confirm breaches from this campaign on February 14 and March 2, respectively. Clop escalated its extortion efforts in early March, adding victims to its leak site and demanding ransoms to prevent data disclosure. Cybersecurity company Rubrik disclosed its own limited exposure via the same vulnerability on March 14, clarifying that only non-production testing environments were affected. Hitachi Energy maintained transparency about its breach timeline and containment measures but did not specify the exact number of impacted individuals or data types exfiltrated. The company continued cooperating with stakeholders and monitoring the situation as investigations progressed, underscoring its commitment to employee privacy while maintaining operational continuity.