
A Concise Chronicle of Major Hacking Incidents

by admin

Cybersecurity solutions for enterprises, including routers, firewalls, and VPNs, are designed to safeguard corporate networks from unauthorized access and cybercriminals—an increasingly critical function in an era where remote and hybrid working models dominate.

However, despite being marketed as protective mechanisms, many of these tools have repeatedly been discovered to harbor software vulnerabilities that enable malicious actors to breach the very networks they were meant to secure.

These vulnerabilities have been implicated in a surge of mass-hacking incidents in recent years, with attackers exploiting these relatively simple-to-manipulate security gaps to infiltrate the networks of numerous organizations and extract sensitive business information.

We have compiled a concise overview of notable mass hacks and will refresh this article as additional incidents are reported.

January 2023: Fortra File Transfer Software Breach Impacts 130 Organizations

A significant early incident of this decade involved a prominent ransomware group that took advantage of a vulnerability in Fortra’s GoAnywhere managed file transfer solution, utilized by businesses for sharing large files and sensitive data online. The infamous Clop ransomware gang exploited this zero-day vulnerability, impacting over 130 organizations and compromising the personal data of millions. Fortra had no chance to resolve the issue before it was attacked. Clop subsequently released data stolen from organizations that chose not to meet the hackers’ ransom demands. Among those affected were Hitachi Energy, the security firm Rubrik, and Florida-based health technology organization NationBenefits, which suffered the theft of data belonging to over three million members.

May 2023: MOVEit Vulnerabilities Result in Theft of Data from 60 Million Individuals

The breach involving MOVEit ranks among the largest data breaches ever, as cybercriminals exploited flaws in another widely adopted file transfer program from Progress Software. The Clop ransomware group claimed responsibility for the attacks, which compromised data belonging to over 60 million individuals, as reported by cybersecurity firm Emsisoft. Maximus, a major contractor for U.S. government services, was the most significant victim, with hackers gaining access to protected health information for nearly 11 million people.

October 2023: Cisco Zero-Day Vulnerability Exposes Thousands of Routers to Takeovers

Hacking incidents persisted in the latter half of 2023, with cybercriminals exploiting an unaddressed zero-day vulnerability in Cisco’s networking software throughout October. This flaw allowed for the compromise of tens of thousands of devices that depend on Cisco technology, including enterprise switches, wireless controllers, access points, and industrial routers. The vulnerability provided attackers with “complete control over the affected devices.” Though Cisco did not disclose the number of its customers impacted, Censys, a search engine for internet-connected devices, indicated that nearly 42,000 compromised devices were visible on the internet.


November 2023: Ransomware Group Takes Advantage of Citrix Vulnerability

In November 2023, Citrix NetScaler, a platform utilized by large enterprises and governmental bodies for application delivery and VPN support, became an additional target for mass hacks. The vulnerability, termed “CitrixBleed,” enabled the LockBit ransomware group, linked to Russian interests, to extract confidential information from affected NetScaler installations belonging to high-profile companies such as Boeing, Allen & Overy, and the Industrial and Commercial Bank of China.

January 2024: Chinese Hackers Leverage Ivanti VPN Vulnerabilities to Breach Companies

Ivanti, a software company, became synonymous with mass breach incidents when state-sponsored hackers from China targeted two significant zero-day vulnerabilities in its Connect Secure VPN solution. Despite Ivanti’s assertion that only a small number of customers were affected, cybersecurity company Volexity reported that over 1,700 Ivanti devices worldwide were exploited, impacting industries including aerospace, finance, defense, and telecommunications. U.S. agencies operating vulnerable Ivanti systems were instructed to promptly decommission the systems. The exploitation of these vulnerabilities has since been associated with the espionage group known as Salt Typhoon, which has recently been linked to breaches at multiple U.S. telecommunications firms.

February 2024: Bugs in ConnectWise Remote Access Tool Lead to Customer Breaches

In February 2024, hackers targeted two “easily exploitable” vulnerabilities within ConnectWise ScreenConnect, a widely used remote access solution for IT support professionals. Cybersecurity firm Mandiant observed significant exploitation of these flaws, with various threat actors utilizing them to deploy password stealers, backdoors, and, in some cases, ransomware.

Ivanti Customers Targeted Again with New Vulnerabilities

Ivanti made headlines once more in February 2024 as attackers exploited another vulnerability in its widely used enterprise VPN appliance. The Shadowserver Foundation informed TechCrunch that it had noted over 630 unique IP addresses attempting to exploit this flaw, which enables unauthorized access to systems purportedly secured by Ivanti’s offerings.

November 2024: Vulnerabilities in Palo Alto Firewalls Endanger Thousands of Companies

Later in 2024, hackers compromised potentially thousands of enterprises by exploiting two zero-day vulnerabilities present in products from the cybersecurity leader Palo Alto Networks, utilized by organizations globally. Issues in PAN-OS, which operates on all of Palo Alto’s next-generation firewalls, enabled attackers to infiltrate networks and extract sensitive information. According to researchers from watchTowr Labs, the vulnerabilities stemmed from fundamental errors within the development cycle.

December 2024: Clop Targets Cleo Software Users

In December 2024, the Clop ransomware group turned its attention to another popular file transfer solution, exploiting weaknesses in Cleo Software tools to target numerous clients. By early January 2025, Clop claimed to have compromised about 60 Cleo-affiliated companies, including renowned names like U.S. supply chain software leader Blue Yonder and German manufacturing powerhouse Covestro. By the end of January, Clop added another 50 victims to its dark web leak site.


January 2025: New Year Brings Fresh Vulnerabilities in Ivanti

The start of 2025 was marked by another breach, with Ivanti informing customers in early January that hackers had begun exploiting a new zero-day vulnerability in its enterprise VPN appliance to infiltrate corporate networks. Ivanti indicated that a “limited number” of clients were affected, but did not provide further details. Meanwhile, the Shadowserver Foundation reported a significant number of compromised systems in its data.

Fortinet Firewall Vulnerabilities Discovered to Be Exploited Since December

Shortly after Ivanti’s warning, Fortinet confirmed that hackers had also been targeting a vulnerability within its FortiGate firewalls to breach the networks of its corporate and enterprise clientele. This flaw had reportedly been “mass exploited” as a zero-day vulnerability since at least December 2024, according to cybersecurity research firms. Though Fortinet did not disclose the extent of the impact, security researchers noted that it affected “tens” of devices.

SonicWall Reports Remote Breaches of Customer Networks

January 2025 continued to witness hacker activity exploiting vulnerabilities in enterprise security software. In late January, SonicWall reported that unidentified hackers were targeting a newly discovered vulnerability in one of its enterprise solutions to breach customer networks. Microsoft threat researchers identified the issue as affecting SonicWall’s SMA1000 remote access appliance, confirming that it is “actively exploited in the wild.” SonicWall has not indicated how many of its clients are affected, or whether it has the technical capacity to assess this; given that over 2,300 devices are exposed to the internet, this vulnerability could lead to a significant mass hack in 2025.

Compiled by Techarena.au.