![accellion file transfer appliance accellion file transfer appliance](https://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/images/blog/Accellion%20Patches%20Four%20Vulnerabilities%20in%20File%20Transfer%20Appliance_Image%201.png)
- #Accellion file transfer appliance upgrade#
- #Accellion file transfer appliance software#
- #Accellion file transfer appliance download#
Singtel says that about 130,000 customers may have had their names, dates of birth, mobile numbers and addresses exposed in the cyber attack. It has since upgraded that estimate to “ fewer than 100,” though it also claims that no more than 25 of these customers suffered theft of data.
![accellion file transfer appliance accellion file transfer appliance](https://i0.wp.com/www.alphr.com/wp-content/uploads/2014/11/it_photo_138940.jpg)
When the first reports of cyber attacks came out in January, it initially estimated that fewer than 50 of these clients were impacted. These groups are not believed to be state-sponsored given the long history of being financially motivated.Īccellion has about 300 clients that still use FTA. There may be ties to another unknown group identified by FireEye as FIN11, which was active from 2018 to 2020 targeting a wide variety of banking, retail and hospitality organizations both groups used CL0P^_- LEAKS to shame targets that won’t pay up, and they have shared certain IP addresses and email accounts. The identity of the attackers is unknown, but there are ties to the Clop group in the use of their ransomware and the doxxing of some victim organizations that failed to pay a ransom on the “CL0P^_- LEAKS” dark web site.
#Accellion file transfer appliance download#
The group’s hallmark is the use of a new web shell called DEWMODE that it installs via a SQL injection vulnerability and uses to execute remote commands, download files and deliver ransomware.
#Accellion file transfer appliance upgrade#
These have been patched as of FTA version 9_12_432, but the rapid development of new exploits after the first was spotted in December (plus the looming product end of life in April) should really accelerate any plans to upgrade to newer software.įireEye has linked that initial December cyber attack, along with more recent attacks, to an unknown threat actor it is calling UNC2546.
#Accellion file transfer appliance software#
At least four vulnerabilities in the file transfer software are being actively exploited. The CISA advisory, which should be mandatory reading for anyone still running FTA, contains a concise summary of the situation. Cyber attacks on FTA file transfer system result in ransomware, stolen personal data Organizations in at least five countries are believed to have been compromised by this spree of cyber attacks, and a pattern of ransomware attempts points to several different threat actors with ties to the Clop ransomware gang.įTA is scheduled for end-of-life soon, but the US Cybersecurity & Infrastructure Security Agency (CISA) has issued a joint advisory with cybersecurity authorities of Australia, New Zealand, Singapore and the UK warning anyone who has yet to move away from it as to the scope of the threat. Among the bigger names suffering data breaches due to FTA are United States grocery giant Kroger, Singapore telecom industry leader Singtel, the Australian Securities and Investments Commission (ASIC), and the University of Colorado. A new report from cybersecurity firm Mandiant, a subsidiary of FireEye, has mapped out recent cyber attacks against FTA and finds it is likely that more organizations have been compromised than Accellion initially estimated.