Cybercriminals exploited a deserialization vulnerability in Fortra’s GoAnywhere MFT to deploy Medusa ransomware, using it as a pivot into targeted networks. The attack, attributed to Storm-1175, highlights risks associated with file transfer infrastructure and remote access tools. #CVE202510035 #Storm1175
Key points
- The CVE-2025-10035 vulnerability involves unsafe deserialization in GoAnywhere MFT’s License Servlet.
- Attacker group Storm-1175 used this flaw for initial access and lateral movement within networks.
- Following access, attackers deployed remote administration tools and escalated privileges to expand control.
- The vulnerability has ties to previous 2023 exploits, showing ongoing targeting of GoAnywhere platforms.
- Detection relies on monitoring network and host artifacts such as unusual HTTP POSTs to the License Servlet, newly dropped webshell files, and suspicious child processes of the GoAnywhere Java process.
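An added detection example (not code from the article or from Fortra) that checks the three artifact classes listed above against constructed sample data. The License Servlet path, the trusted source range, the log format and the process/file inventories are all assumptions to adjust for a real deployment.

```python
import re

# Assumed values: adjust to the deployment's actual servlet path and admin ranges.
LICENSE_SERVLET_PATH = "/goanywhere/lic/accept"   # assumed License Servlet endpoint
TRUSTED_SOURCES = ("10.0.",)                        # assumed licensing/admin network
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "sh", "bash"}
# Common-log-format style line: ip - - [time] "METHOD path proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]+" (\d{3})')

def license_servlet_posts(access_log):
    """(src_ip, path, status) for POSTs to the License Servlet from sources
    outside the trusted range; the servlet should not see POSTs from arbitrary hosts."""
    hits = []
    for line in access_log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that do not parse
        ip, method, path, status = m.groups()
        if method == "POST" and path.startswith(LICENSE_SERVLET_PATH) \
                and not ip.startswith(TRUSTED_SOURCES):
            hits.append((ip, path, status))
    return hits

def java_spawned_shells(process_events):
    """Process-creation events where the GoAnywhere Java process spawned a shell."""
    return [e for e in process_events
            if "goanywhere" in e["parent_cmdline"].lower()
            and e["image"].lower() in SHELL_IMAGES]

def new_jsp_files(current_files, baseline_files):
    """JSP files under the web root that are absent from a known-good baseline
    inventory (assumes a Java/JSP web root; other extensions may apply)."""
    jsp = {f for f in current_files if f.lower().endswith(".jsp")}
    return sorted(jsp - set(baseline_files))

# Constructed sample data (not real telemetry)
ACCESS_LOG = """\
10.0.5.20 - - [10/Oct/2025:08:00:01 +0000] "POST /goanywhere/lic/accept HTTP/1.1" 200
203.0.113.77 - - [10/Oct/2025:08:02:13 +0000] "POST /goanywhere/lic/accept HTTP/1.1" 500
203.0.113.77 - - [10/Oct/2025:08:02:20 +0000] "GET /goanywhere/login.jsp HTTP/1.1" 200
"""
PROCESS_EVENTS = [
    {"image": "java.exe", "parent_cmdline": "services.exe"},
    {"image": "cmd.exe", "parent_cmdline": "java.exe -jar goanywhere.jar"},
]
BASELINE = ["web/login.jsp", "web/index.jsp"]
WEBROOT_NOW = ["web/login.jsp", "web/index.jsp", "web/tmp/x.jsp"]
```

Each function returns only the matching items, so the three lists can be fed straight into an alerting pipeline or a SIEM rule.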
Read More: https://thecyberexpress.com/medusa-ransomware-via-goanywhere-0-day/