Hackers Exploit Accellion FTA for Data Theft, Extortion

Cybercriminals have exploited Accellion File Transfer Appliance (FTA) zero-day vulnerabilities to steal and extort data from various global organizations, according to FireEye. The news comes after Accellion earlier this month said it patched all known FTA vulnerabilities exploited by cybercriminals.

Several organizations have issued warnings following Accellion FTA breaches, including:

  • Kroger: The U.S. supermarket chain last week said some of its customers and employees may have had their data compromised by a malicious third party that exploited a vulnerability in Accellion FTA.
  • Reserve Bank of New Zealand: Hackers breached the Reserve Bank of New Zealand's Accellion FTA service, which is used to share information with external stakeholders.
  • Singtel: Singtel temporarily suspended use of Accellion's FTA system after it was attacked by unidentified hackers.
  • University of Colorado Boulder: Cybercriminals used Accellion FTA vulnerabilities to breach the school's Office of Information Technology (OIT); files available on OIT's system were exposed during the attack.

Malicious actors began to exploit zero-day vulnerabilities in Accellion FTA in mid-December, FireEye noted. They used the vulnerabilities to install the DEWMODE web shell.

In late January, organizations that had been impacted by Accellion FTA attacks the month prior began to receive extortion emails from malicious actors, FireEye stated. Malicious actors used these emails to threaten to publish stolen data from victims.

How Should Organizations Respond to Accellion FTA Cyberattacks?

Accellion is encouraging FTA customers to migrate to kiteworks for file sharing, CISO Frank Balonis said. It has accelerated its FTA end-of-life plans and continues to explore ways to assist customers affected by the cyberattacks.

In addition, Accellion has patched FTA vulnerabilities known to be exploited by threat actors, FireEye said. Accellion also has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors.

FireEye is performing penetration testing and code review of the current version of the Accellion FTA product, the company indicated. To date, FireEye has not found any other critical vulnerabilities in the product.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E.