![accellion file transfer appliance](https://i0.wp.com/lifars.com/wp-content/uploads/2021/03/Zero-days-in-Accellion-file-transfer-app-used-for-data-theft.jpg)
Now understand not everything gets UNC'd… Just the UNC numbers alone tell you how much intrusion activity this team is exposed to. The list of victims of the FTA hack is growing with each passing day, and with the investigation still ongoing, the scope of the attack may be much larger than what is currently known.
![accellion file transfer appliance](https://i2.wp.com/www.alphr.com/wp-content/uploads/2014/11/it_photo_138943.jpg)
The attackers initially sent an extortion email as follows:
As a result, around 100 out of 300 organizations that use FTA lost some of their data to the cyber attack. Mandiant also noticed a sharp rise in the listing of many organizations on the “CL0P^_- LEAKS” website in February. The list named those organizations whose data was accessed via exploitation of zero-day vulnerabilities in FTA. The listing indicated the involvement of the CLOP ransomware gang in the attack campaign. However, Mandiant did not detect the use of the CLOP ransomware in the extortion attempts. “The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations that had been impacted by UNC2546 in the prior month began receiving extortion emails from actors threatening to publish stolen data on the ‘CL0P^_- LEAKS’ .onion website,” the firm said in a blog post.

The Growing List of Victims

Although this is not an outright ransomware attack, which involves hackers encrypting victims’ data and systems to extract a ransom, there is an element of ransom involved in exchange for the stolen data.
FireEye-owned cybersecurity firm Mandiant revealed that FIN11, a financially motivated group of cybercriminals, targeted a legacy file transfer product by Accellion, a California-based private cloud company specializing in secure file sharing and collaboration solutions. Hacker group FIN11, which may be associated with the CLOP ransomware gang, exploited four zero-day vulnerabilities in Accellion’s File Transfer Appliance (FTA) to exfiltrate data associated with nearly 100 organizations who use the FTA to share files via secure channels. Dubbed UNC2546 and UNC2582 by Mandiant, the hacker group exploited zero-day vulnerabilities in Accellion’s 20-year-old File Transfer Appliance (FTA) to steal sensitive data associated with a large number of organizations. “FIN11 is reminiscent of APT1; they are notable not for their sophistication, but for their sheer volume of activity,” explained Mandiant in a blog post published last year. True to its description, FIN11 launched a series of attacks against Accellion’s customers by exploiting multiple zero-day vulnerabilities and installing the DEWMODE web shell in FTA to exfiltrate data.