Researchers have identified a set of threat actors (dubbed UNC2546 and UNC2582) with connections to the FIN11 and the Clop ransomware gang as the cybercriminal group behind the global zero-day attacks on users of the Accellion legacy File Transfer Appliance product. Click to Register Multiple Accellion FTA customers, including the Jones Day Law Firm, Kroger and Singtel, have all been attacked by the group, receiving extortion emails threatening to publish stolen data on the “CL0P^_- LEAKS” .onion website, according to an investigation from Accellion and FireEye Mandiant. Around 100 companies have been victims of the attack, analysts found, with around 25 suffering “significant data theft.” No ransomware was used in the attacks. “Notably, the number of victims on the “CL0P^_- LEAKS” shaming website has increased in February 2021 with organizations in the United States, Singapore, Canada and the Netherlands recently outed by these threat actors,” according to the Mandiant findings, issued on Monday. 4 Accellion FTA Zero-Days As noted, the point of entry for the attacks was Accellion FTA, a 20-year-old legacy product used by large corporations around the world. Accellion said that it became aware of a zero-day security vulnerability in FTA in mid-December, which it scrambled to patch quickly. But that turned out to be just one of a cascade of zero-days in the platform that the company discovered only after they came under attack from cyber-adversaries. “This initial incident…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-02-22 12:51:002021-02-22 12:51:00Accellion FTA Zero-Day Attacks Tied to Clop, FIN11
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com