Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks (Security News, February 2021)
Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to a data theft and extortion campaign orchestrated by a cybercrime group tracked as UNC2546.
The attacks, which began in mid-December 2020, exploited multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named DEWMODE on victim networks and exfiltrate sensitive data, which was then published on a data leak website operated by the CLOP ransomware gang.
In a twist, no ransomware was actually deployed in any of the recent incidents that hit organizations in the U.S., Singapore, Canada, and the Netherlands, with the actors instead resorting to extortion emails to threaten victims into paying bitcoin ransoms.
FireEye's Mandiant threat intelligence team, which is leading the incident response efforts, tracks the follow-on extortion scheme as a separate threat cluster it calls UNC2582, despite "compelling" overlaps identified between the two sets of malicious activity and previous attacks carried out by the financially motivated hacking group FIN11.
Besides urging its FTA customers to migrate to kiteworks, Accellion said that fewer than 100 of its 300 FTA clients were victims of the attack and that fewer than 25 appear to have suffered "significant" data theft.
Transport for New South Wales became the latest entity to confirm that it had been impacted by the worldwide Accellion data breach.