Globalscape Breach Access

Executive Summary

In late 2020 and early 2021, Globalscape, a Texas-based software company specializing in managed file transfer (MFT) solutions, suffered a sophisticated cyberattack. Attackers exploited a zero-day vulnerability in Globalscape’s flagship product, Enhanced File Transfer (EFT), to deploy ransomware, exfiltrate sensitive data, and disrupt operations for both Globalscape and its downstream customers. The incident highlighted the cascading risks of MFT software (critical infrastructure for moving data) and the fine line between a software vendor’s internal breach and a supply chain compromise.

Timeline of the Incident

| Date (Approx.) | Event |
|----------------|-------|
| Late Dec 2020 | Threat actors identify a zero-day vulnerability in Globalscape EFT (later assigned CVE-2021-22991). |
| Early Jan 2021 | Attackers deploy Cuba ransomware inside Globalscape’s own corporate network. |
| Mid-Jan 2021 | Globalscape’s internal EFT server is encrypted; customer file transfers disrupted. |
| Feb 2021 | Globalscape privately notifies affected enterprise customers. Public disclosure occurs weeks later. |
| March 2021 | Security researchers confirm the vulnerability also impacts older EFT versions used by hundreds of organizations globally. |
| April 2021 | CISA issues an alert urging all users of Globalscape EFT to patch immediately. |

Technical Root Cause: CVE-2021-22991

The breach was enabled by a critical authentication bypass vulnerability in Globalscape EFT versions prior to 8.0.1.19. The flaw resided in the HTTP administration interface (port 8000/tcp by default). An unauthenticated remote attacker could send a specially crafted request to the admin endpoint, bypassing login controls entirely.
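
A defender's first question after reading the root cause is which EFT hosts are both below the fixed build and reachable on the administration port. The following is an added example, not code from Globalscape or from the original page: it triages an asset inventory using the version cutoff and default port stated above. The inventory format, hostnames, version strings other than 8.0.1.19, and priority labels are constructed assumptions.

```python
import ipaddress

FIXED_VERSION = (8, 0, 1, 19)  # from the page: builds prior to 8.0.1.19 are affected
ADMIN_PORT = 8000              # from the page: default HTTP administration port

# Constructed inventory (hypothetical hosts, versions and listeners; not real data).
INVENTORY = [
    {"host": "eft-prod-01", "version": "8.0.1.19", "listeners": ["0.0.0.0:8000"]},
    {"host": "eft-dmz-02", "version": "8.0.0.38", "listeners": ["0.0.0.0:8000", "0.0.0.0:443"]},
    {"host": "eft-lab-03", "version": "7.4.13", "listeners": ["127.0.0.1:8000"]},
    {"host": "eft-old-04", "version": "8.0.1.2", "listeners": ["10.20.0.5:8000"]},
]

def parse_version(text):
    """'8.0.1.2' -> (8, 0, 1, 2); short versions are zero-padded to four parts."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version_text):
    """Numeric tuple comparison; comparing strings would rank '8.0.1.2' above '8.0.1.19'."""
    return parse_version(version_text) < FIXED_VERSION

def admin_exposure(listeners):
    """Widest binding of the admin port: 'none' < 'loopback' < 'internal' < 'any'."""
    order = ["none", "loopback", "internal", "any"]
    widest = "none"
    for listener in listeners:
        addr, _, port = listener.rpartition(":")
        if int(port) != ADMIN_PORT:
            continue
        ip = ipaddress.ip_address(addr.strip("[]"))
        if ip.is_loopback:
            scope = "loopback"
        elif ip.is_private and not ip.is_unspecified:
            scope = "internal"
        else:
            scope = "any"  # wildcard bind or routable address
        widest = max(widest, scope, key=order.index)
    return widest

def triage(inventory):
    """Map each host to a priority label (labels are this example's own scheme)."""
    labels = {"any": "urgent", "internal": "high", "loopback": "patch", "none": "patch"}
    return {h["host"]: labels[admin_exposure(h["listeners"])] if is_affected(h["version"])
            else "patched" for h in inventory}

if __name__ == "__main__":
    for host, label in triage(INVENTORY).items():
        print(f"{host:12} {label}")
```

A wildcard bind only shows that the service listens on every interface; whether the port is reachable from outside still depends on firewall and network ACLs, which this check does not see.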