Cybercriminals have exploited Accellion File Transfer Appliance (FTA) zero-day vulnerabilities to steal and extort data from various global organizations, according to FireEye. The news comes after Accellion earlier this month said it patched all known FTA vulnerabilities exploited by cybercriminals.
Several organizations have issued warnings following Accellion FTA breaches, including:
- Kroger: The U.S. supermarket chain last week said some of its customers and employees may have had their data compromised by a malicious third-party that exploited a vulnerability in Accellion FTA.
- Reserve Bank of New Zealand: Hackers breached the Reserve Bank of New Zealand's Accellion FTA service to share information with external stakeholders.
- Singtel: Singtel temporarily suspended use of Accellion's FTA system after it was attacked by unidentified hackers.
- University of Colorado Boulder: Cybercriminals used Accellion FTA vulnerabilities to breach the school's Office of Information Technology (OIT); files available on OIT's system were exposed during the attack.
Malicious actors began to exploit zero-day vulnerabilities in Accellion FTA in mid-December, FireEye noted. They used the vulnerabilities to install the DEWMODE web shell.
In late January, organizations that had been impacted by Accellion FTA attacks the month prior began to receive extortion emails from malicious actors, FireEye stated. Malicious actors used these emails to threaten to publish stolen data from victims.
How Should Organizations Respond to Accellion FTA Cyberattacks?
Accellion is encouraging FTA customers to migrate to kiteworks for file sharing, CISO Frank Balonis said. It has accelerated its FTA end-of-life plans and continues to explore ways to assist customers affected by the cyberattacks.
In addition, Accellion has patched FTA vulnerabilities known to be exploited by threat actors, FireEye said. It also has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors.
FireEye is performing penetration testing and code review of the current version of the Accellion FTA product, the company indicated. To date, FireEye has not found any other critical vulnerabilities in the product.