Worldwide Accellion data breaches linked to Clop ransomware gang
2021-02-22 14:06

The attacks occurred in mid-December 2020 and involved the Clop ransomware gang and the FIN11 threat group.

After we reported on the Singtel breach earlier this month, the Clop gang contacted us and stated that they stole 73 GB of data as part of their attack.

In its press release, Accellion says there were 300 customers using its legacy, 20-year-old File Transfer Appliance. Of these customers, fewer than 100 were victims of the attacks from Clop and FIN11, and fewer than 25 appear to have suffered significant data theft.

Incident responders at FireEye Mandiant investigated these attacks for some of their customers and highlighted the collaboration between Clop ransomware and the FIN11 gang in this campaign.

Last year, FIN11 joined the ransomware business and started to encrypt the networks of their victims using Clop.

Another connection is an IP address used to communicate with the DEWMODE web shell, which is assigned to Fortunix Networks L.P., a network that FIN11 uses frequently for one of their malware downloaders tracked as FRIENDSPEAK. Mandiant says that the connection between FIN11 and UNC2546 in the Accellion breaches is "compelling" but the relationship is still under assessment, which explains why the researchers are tracking the threats separately.


News URL

https://www.bleepingcomputer.com/news/security/worldwide-accellion-data-breaches-linked-to-clop-ransomware-gang/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Accellion 7 0 22 16 4 42