Multiple researchers and CISA have confirmed active exploitation of the maximum-severity defect. Fortra, the company behind the file-transfer service, remains silent.
The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.
The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.