Accellion FTA attacks, extortion attempts might be the work of FIN11
2021-02-23 12:38

Mandiant/FireEye researchers have tentatively linked the Accellion FTA zero-day attacks to FIN11, a cybercrime group leveraging CLOP ransomware to extort targeted organizations.

Accellion also confirmed on Monday that "Out of approximately 300 total FTA clients, fewer than 100 were victims of the attack."

While Accellion has been pushing customers towards its newer and more secure platform for years, the legacy FTA solution was still used by too many organizations, and some of those were hit in these attacks, including the Australian Securities and Investments Commission, the Washington State Auditor Office, Singapore telecom Singtel, New Zealand's central bank, the University of Colorado, law firm Jones Day, and US retailer Kroger.

While the overlaps are compelling, the researchers say that they have insufficient evidence to attribute the Accellion FTA attacks to FIN11.

The cybersecurity authorities of the U.S., Australia, New Zealand, Singapore, and the U.K. have released a joint cybersecurity advisory regarding the Accellion FTA attacks, with technical details, IoCs and mitigation advice.

The researchers have confirmed that Accellion's patches for the four vulnerabilities exploited in the attacks work as they should, and have found two additional vulnerabilities in the Accellion FTA software.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/tXzkAnZd_cI/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Accellion 7 0 22 16 4 42