Its developer is Fortra (formerly known as HelpSystems), the outfit behind the widely abused Cobalt Strike threat emulation tool.

"I could provide a working PoC(compare hash and time of my tweet) to my teammates within hours on the same day to protect our clients first," Hauser said.

However, a Shodan scan shows that almost 1,000 GoAnywhere instances are exposed on the Internet, although just over 140 are on ports 8000 and 8001 (the ones used by the vulnerable admin console).

The company is yet to publicly acknowledge this remote pre-authentication RCE security flaw exploited in attacks (to read the advisory, you need to create a free account first) and hasn't released security updates to address the vulnerability, thus leaving all exposed installations vulnerable to attacks.

Fortra also recommends taking the following measures after mitigation in environments with suspicion or evidence of an attack:

Review audit logs and delete any suspicious admin and/or web user accounts Contact support via the portal https://my.goanywhere.com/, email goanywhere.support@helpsystems.com, or phone 402-944-4242 for further assistance.