
Showing results for tags 'accellion'.

Found 5 results

  1. Worldwide Accellion data breaches linked to Clop ransomware gang

     Threat actors associated with financially-motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion's legacy File Transfer Appliance and steal data.

     The attacks occurred in mid-December 2020 and were part of attacks that involve the Clop ransomware gang and the FIN11 threat group. The file-encrypting malware was not deployed in the recent incidents, though. It appears that the actors opted for an extortion campaign. After stealing the data, they threatened victims over email with making stolen information publicly available on the Clop leak site unless a ransom was paid.

     BleepingComputer has been tracking these Accellion-related breaches and discovered almost a dozen victims. Among them are Singtel (Clop claims to have 73GB of data), QIMR Berghofer Medical Research Institute, Reserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), and the Office of the Washington State Auditor ("SAO").

     Additional victims include:

     - supermarket giant Kroger
     - technical services company ABS Group
     - law firm Jones Day
     - Fortune 500 science and technology corporation Danaher
     - geo-data specialist Fugro
     - the University of Colorado

     A press release from Accellion today says that of about 300 customers using its legacy, 20-year-old File Transfer Appliance (FTA), less than 100 were victims of these attacks from Clop and FIN11, and that “less than 25 appear to have suffered significant data theft.”

     Accellion patched the vulnerabilities and continues its mitigation efforts. The company “strongly recommends that FTA customers migrate to Kiteworks” - an enterprise content firewall platform that has a different code base, features a security architecture, and includes a segregated, secure devops process.

     Incident responders at FireEye Mandiant investigated these attacks for some of their customers and highlighted the collaboration between Clop ransomware and the FIN11 gang in this campaign. Both groups have worked together before. Last year, FIN11 joined the ransomware business and started to encrypt the networks of their victims using Clop.

     Mandiant has been tracking the recent exploitation of Accellion FTA using multiple zero-days as UNC2546. The following vulnerabilities have been discovered:

     - CVE-2021-27101 - SQL injection via a crafted Host header
     - CVE-2021-27102 - OS command execution via a local web service call
     - CVE-2021-27103 - SSRF via a crafted POST request
     - CVE-2021-27104 - OS command execution via a crafted POST request

     The researchers distinguish this activity from the extortion campaign, which they track as UNC2582. However, they did notice overlaps between the two and previous operations attributed to FIN11.

     New DEWMODE webshell planted on Accellion devices

     While investigating the incidents, the researchers observed that the intruders used a previously undocumented webshell that they called DEWMODE.

     “Mandiant determined that a common threat actor we now track as UNC2546 was responsible for this activity. While complete details of the vulnerabilities leveraged to install DEWMODE are still being analyzed, evidence from multiple client investigations has shown multiple commonalities in UNC2546's activities.”

     The researchers reconstructed the compromise of Accellion FTAs using system logs from the breached devices, trailing the initial entry, the deployment of DEWMODE, and the follow-up interaction. The attacker used the SQL injection vulnerability to gain access and then followed with requests to additional resources. Once they obtained the necessary access level, the hackers wrote the DEWMODE web shell to the system.

     The role of the webshell was to extract a list of available files from a MySQL database on the FTA and to list them on an HTML page along with the accompanying metadata (file ID, path, filename, uploader, and recipient).

     A blog post from Mandiant today explains all the technical aspects regarding the use of the web shell and how the hackers gained access to their targets.

     Source: Worldwide Accellion data breaches linked to Clop ransomware gang
  2. Cybersecurity firm Qualys likely latest victim of Accellion hacks

     Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files.

     In December, a wave of attacks targeted the Accellion FTA file-sharing application using a zero-day vulnerability that allowed attackers to steal files stored on the server. Since then, the Clop ransomware has been extorting these victims by posting the stolen data on their ransomware data leak site.

     As Accellion FTA devices are standalone servers designed to be outside the security perimeter of a network and accessible to the public, there have been no reported attacks on these devices leading to internal systems compromise.

     Before today, the known victims extorted by Clop include Transport for NSW, Singtel, Bombardier, geo-data specialist Fugro, law firm Jones Day, science and technology company Danaher, and technical services company ABS Group.

     Qualys the latest victim to be extorted

     Yesterday, the Clop ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm Qualys. The leaked data includes purchase orders, invoices, tax documents, and scan reports.

     As reported by Valery Marchive of LeMagIT and confirmed by BleepingComputer, Qualys had an Accellion FTA device located on their network. The Accellion FTA device was located at fts-na.qualys.com, and the IP address used by the server is assigned to Qualys. Qualys has since decommissioned the FTA device, with Shodan showing it was last active on February 18th, 2021.

     It is unknown if Clop sent ransom notes to Qualys regarding the attack, but other victims have received them in the past, according to a report by Mandiant.

     [Image: Ransom note sent to Accellion FTA victims]

     It is still unclear if the Clop ransomware gang performed the attacks on Accellion FTA devices or is partnering with another group to share the files and extort victims publicly.

     Clop has in the past sent emails to journalists, including BleepingComputer, about new Accellion FTA victims posted to their site.

     BleepingComputer contacted Qualys before publication and is awaiting an official statement.

     Source: Cybersecurity firm Qualys likely latest victim of Accellion hacks
  3. Flagstar Bank customer data breached through Accellion hack

     Like many other users, Flagstar Bank has now permanently stopped using the platform.

     Flagstar Bank has been added to a list of companies breached due to an Accellion software zero-day vulnerability. The bank, headquartered in Michigan, is a Flagstar Bancorp subsidiary and provides mortgages and other financial services to US customers.

     In a statement posted on Flagstar Bank's website, the organization says that Accellion first informed the company of a security issue on January 22, 2021.

     Accellion's file-sharing program, File Transfer Appliance (FTA), is an enterprise product used to transfer large files. While now discontinued and supplanted by other software such as Kiteworks, a zero-day vulnerability in the legacy software was found in December and has since been exploited by attackers in the wild.

     Reported victims include Qualys, the Reserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), and Transport for New South Wales (TfNSW).

     "After Accellion informed us of the incident, Flagstar permanently discontinued use of this file sharing platform," Flagstar Bank says. "Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar's information on the Accellion platform and that we are one of numerous Accellion clients who were impacted."

     In an email sent to a customer on March 6 and viewed by ZDNet, the company says it "acted immediately to contain the threat and have engaged a team of third-party forensic experts to investigate and determine the full scope of this incident."

     Flagstar Bank says that operations were not impacted and the Accellion platform was "segmented" from other network elements such as core banking and mortgage systems.

     The financial organization has not revealed how many customers have been embroiled in the leak, or what records may have been compromised. The bank added that anyone thought to be involved will be contacted via mail and "will receive information regarding free credit monitoring services." Kroll has been hired to provide free credit monitoring tools.

     When a customer queried why Flagstar Bank was made aware of the breach in January and has only reached out now upon receipt of the email, the company apologized and said it "understood [their] frustration."

     "Investigations of this nature take time and the results are not instantaneous," the email read. "We're working as fast as we can to ensure a thorough, diligent review and are committed to providing updates as soon as we have them."

     Flagstar Bank declined to comment further.

     Source: Flagstar Bank customer data breached through Accellion hack
  4. Steris Touted as Latest Accellion Hack Victim

     Data belonging to a client of recently hacked California-based private cloud solutions company Accellion is being advertised for sale online by cyber-criminals.

     On the website Clop Leaks, ransomware gang Clop are claiming to have in their possession an unspecified amount of information belonging to the Steris Corporation. Steris is an American Ireland-registered medical equipment company specializing in sterilization and surgical products for the US healthcare system.

     Documents that appear to have been stolen include a confidential report about a phenolic disinfectant comparison study dating from 2018 that bears the signatures of two Steris employees—technical services manager David Shields and quality assurance analyst Jennifer Shultz. Another document appears to contain the formula for CIP neutralizer, a highly confidential trade secret owned by Steris Corporation.

     "Clop is known to use data stolen from one organization to attack (spear phish) others," Emsisoft's Brett Callow told Infosecurity Magazine. "This is why, for example, there was a cluster of cases in Germany. So any organization that has had dealings with one of the compromised entities should be on high alert."

     Steris did not immediately respond to Infosecurity Magazine's request for comment.

     Accellion customers have been suffering cyber-attacks since the end of 2020. Other companies that Clop claim to have stolen data from include Singtel, Jones Day, Inrix, ExecuPharm, Planatol, Software AG, Fugro, Nova Biomedical, Amey Plc, Allstate Peterbilt, Danaher, and the CSA Group.

     Asked what advice he would give to companies that discover their data is being hawked online, Callow said: "It really makes no sense for companies to pay to prevent the publication of their data. There have been multiple instances in which threat actors have published or otherwise misused information after their victims have paid the ransom.

     "In some cases, actors have even used the same data to attempt to extort companies a second time. And this is really not at all surprising. These groups are untrustworthy bad actors and it would be a mistake to assume that they will abide by their promises."

     Source: Steris Touted as Latest Accellion Hack Victim
  5. Shell Says It Was Impacted by Accellion Cyber Security Breach

     [Image: A Shell logo sits on a totem sign at a Royal Dutch Shell Plc petrol filling station in Cobham, U.K., on Wednesday, Sept. 30, 2020. Royal Dutch Shell Plc will cut as many as 9,000 jobs as Covid-19 accelerates a company-wide restructuring into low-carbon energy. Photographer: Chris Ratcliffe/Bloomberg]

     (Bloomberg) -- Royal Dutch Shell Plc was impacted by a data security incident related to using Accellion Inc.’s file-transfer software, the energy giant said in a statement dated March 16.

     An internal investigation has so far found that an “unauthorized party gained access to various files during a limited window of time,” Shell said. Some files contained personal data from Shell companies and their stakeholders, all of whom have been notified.

     California-based Accellion said in January that its file transfer appliance software had suffered a security incident with less than 50 customers being affected. Since then companies including U.S. supermarket firm Kroger Co. and Australia’s corporate regulator have been revealed as victims of the breach.

     Shell said there is no evidence its core IT systems were impacted as the file-transfer service is isolated from the rest of the company’s digital infrastructure.

     Source: Shell Says It Was Impacted by Accellion Cyber Security Breach