Accellion Data Breach 2021

Accellion Data Breach: What Happened & Who Was Impacted?

 

Accellion FTP Data Breach Explained

 

The Accellion file transfer application (FTA) data breach has impacted over 100 companies, organizations, universities, and government agencies around the world, and the number of affected organizations continues to grow every week.

 

In this episode of The Breach Report, we take a look at the Accellion data breach and discuss:

 

  • How the data breach happened
  • Who was responsible for the attack
  • What organizations have been impacted
  • How you can prevent the Accellion vulnerability

 

 

How Did The Accellion Breach Happen?

 

Threat actors combined multiple zero-day exploits and a new web shell targeting the legacy file transfer application (FTA) from Accellion.

 

The attack appears to be financially motivated. The threat actors extort organizations by threatening to sell their data online if a ransom payment is not made.

 

While Accellion did provide a patch in December 2020, it was not sufficient to thwart a second attack in January 2021. A subsequent patch was then released to remediate this vulnerability.

 

The following CVEs have been released in association with the Accellion breach:

 

  • CVE-2021-27101 – Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
  • CVE-2021-27102 – Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
  • CVE-2021-27103 – Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.
  • CVE-2021-27104 – Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
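The version thresholds in the list above can be checked against an inventory of appliances. The following is an added example, not code from Accellion or from the original article; the hostnames and builds in the sample inventory are constructed. Builds that fall between a "last affected" and a "first fixed" version are reported as unconfirmed, because the CVE text does not cover them.

```python
import re

# Thresholds copied from the CVE list above: (last affected build, first fixed build).
CVES = {
    "CVE-2021-27101": ("9_12_370", "9_12_380"),
    "CVE-2021-27102": ("9_12_411", "9_12_416"),
    "CVE-2021-27103": ("9_12_411", "9_12_416"),
    "CVE-2021-27104": ("9_12_370", "9_12_380"),
}

_VERSION_RE = re.compile(r"(?:FTA[ _])?(\d+)_(\d+)_(\d+)", re.IGNORECASE)


def parse_version(text):
    """Turn 'FTA_9_12_380', 'FTA 9_12_380' or '9_12_380' into (9, 12, 380)."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised FTA version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Map each CVE to 'affected', 'fixed' or 'unconfirmed' for one build."""
    build = parse_version(version_text)
    result = {}
    for cve, (last_affected, first_fixed) in CVES.items():
        if build <= parse_version(last_affected):
            result[cve] = "affected"
        elif build >= parse_version(first_fixed):
            result[cve] = "fixed"
        else:
            # Builds between the two thresholds are not covered by the CVE text.
            result[cve] = "unconfirmed"
    return result


if __name__ == "__main__":
    # Constructed inventory: hostnames and builds are sample values.
    inventory = {"fta-dmz-01": "FTA_9_12_370", "fta-dmz-02": "9_12_411",
                 "fta-lab-01": "FTA 9_12_375", "fta-dr-01": "FTA_9_12_416"}
    for host, version in inventory.items():
        open_cves = [c for c, s in triage(version).items() if s != "fixed"]
        print(f"{host:11} {version:13} needs attention: {open_cves or 'none listed'}")
```

A build that shows as fixed for all four CVEs is still the unsupported product, so the result is a patch-status check, not a clearance to keep the appliance in service.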

 

Who Is Responsible For The Accellion Data Breach?

 

Threat researchers identified UNC2546 and UNC2582 as being behind the Accellion attacks. These threat actors have known connections to FIN11 and the CLOP ransomware gang.

 

 

Who Was Impacted By The Accellion Data Breach?

 

As of May 30, 2021, the Accellion data breach is known to have impacted the following organizations:

 

 

How Can You Prevent The Accellion Vulnerability?

 

Security professionals strongly recommend that you do not use the file transfer appliance application provided by Accellion. This application is unsupported by the vendor and will no longer receive security patches.

 

If you continue to use this application past its end-of-life date, you are placing your organization at serious risk of compromise.

 


 


 

Josh Allen

Josh is a diversely-skilled cyber security professional with 10 years of Department of Defense cyber security experience and the President and COO of Assured Compliance Technology. He recently served as a team lead for a Security Operations Center (SOC) supervising a team in a fast-paced cloud security as a service company.
