
Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks
2021-02-23 00:26

Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance servers over the past two months to a data theft and extortion campaign orchestrated by a cybercrime group called UNC2546.

The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named DEWMODE on victim networks and exfiltrating sensitive data, which was then published on a data leak website operated by the CLOP ransomware gang.

In a twist, no ransomware was actually deployed in any of the recent incidents that hit organizations in the U.S., Singapore, Canada, and the Netherlands, with the actors instead resorting to extortion emails to threaten victims into paying bitcoin ransoms.

FireEye's Mandiant threat intelligence team, which is leading the incident response efforts, is tracking the follow-on extortion scheme under a separate threat cluster it calls UNC2582, despite "compelling" overlaps identified between the two sets of malicious activities and previous attacks carried out by a financially motivated hacking group dubbed FIN11.

Besides urging its FTA customers to migrate to kiteworks, Accellion said fewer than 100 out of 300 total FTA clients were victims of the attack and that fewer than 25 appear to have suffered "significant" data theft.

Transport for New South Wales became the latest entity to confirm that it had been impacted by the worldwide Accellion data breach.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/qTSTdR5byVQ/hackers-exploit-accellion-zero-days-in.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Accellion 7 0 22 16 4 42