Energy Giant Shell Is Latest Victim of Accellion Attacks

2021-03-23 14:16

Energy giant Royal Dutch Shell is the latest victim of a series of attacks on users of the Accellion legacy File Transfer Appliance product, which already has affected numerous companies and been attributed to the FIN11 and the Clop ransomware gang.

"Attackers"gained access to "Various files" containing personal and company data from both Shell and some of its stakeholders, acknowledged the company.

Shell, the fifth largest company in the world, also revealed several of its global petrochemical and energy company affiliates were impacted.

Shell did not say specifically how attackers accessed its Accellion implementation, but the breach is likely related to a series of attacks on vulnerabilities in Accellion FTA, a 20-year-old legacy product used by large corporations around the world.

Other victims of third-party attacks on Accellion FTA include Jones Day Law Firm and telecom giant Singtel.

Accellion tried to patch each subsequent vulnerability as soon as it was discovered; however, as evidenced by Shell's disclosure, unpatched systems likely remain and further attacks seem likely.

News URL

https://threatpost.com/shell-victim-of-accellion-attacks/164973/

#attack #energy

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Accellion		7	0	22	16	4	42