The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently.

Researchers said malicious activity dates back to early July and active exploitation was observed two months ago.

Multiple researchers and CISA have confirmed active exploitation of the maximum-severity defect. Fortra, the company behind the file-transfer service, remains silent.

The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.

The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.

Researchers tell CyberScoop that notorious ransomware group Clop may be behind the email barrage.

Silas Cutler, principal security researcher at Census

Researchers said Thalha Jubair was a principal operator, leading or directing many attacks attributed to the hacker subset of The Com since 2022.

Officials accused the teenage boy of working with Scattered Spider, which attacked MGM Resorts and Caesars Entertainment in 2023.

One suspect faces separate charges in the United States linking him to at least 120 cyberattacks.