Security News > 2021 > February > Five Eyes members warn of Accellion FTA extortion attacks
Four members of Five Eyes, in collaboration with Singapore as an active contributor, have issued a joint security advisory about ongoing attacks and extortion attempts targeting organizations using the Accellion File Transfer Appliance.
Besides providing indicators of compromise and mitigation measures for those who still use the vulnerable Accellion FTA software, the alliance members also warned of attackers extorting breached orgs under the threat of leaking sensitive information stolen from the Accellion appliance.
The attackers behind this ongoing extortion campaign have leveraged four vulnerabilities affecting the Accellion FTA software to target the company's customers.
If malicious activity is identified, obtain a snapshot or forensic disk image of the system for subsequent investigation, then: Consider conducting an audit of Accellion FTA user accounts for any unauthorized changes, and consider resetting user passwords.
Reset any security tokens on the system, including the "W1" encryption token, which may have been exposed through SQL injection... Update Accellion FTA to version FTA 9 12 432 or later.
Among companies impacted by ongoing attacks targeting Accellion FTA vulnerabilities, BleepingComputer has reported incidents affecting the supermarket giant Kroger, Singtel, QIMR Berghofer Medical Research Institute, Reserve Bank of New Zealand, the Australian Securities and Investments Commission, and the Office of the Washington State Auditor.