Accellion Data Breach:
What Happened & Who Was Impacted?

Accellion FTP Data Breach Explained

The Accellion file transfer application (FTA) data breach has impacted over 100 companies, organizations, universities, and government agencies around the world, and the number continues to grow every week.

In this episode of The Breach Report, we take a look at the Accellion data breach and discuss:

  • How the data breach happened.
  • Who was responsible for the attack.
  • What organizations have been impacted.
  • How you can prevent the Accellion vulnerability.

How Did The Accellion Breach Happen?

Threat actors combined multiple zero-day exploits and a new web shell targeting the legacy file transfer application (FTA) from Accellion.

The attack appears to be financially motivated. The threat actors extort organizations by threatening to sell their data online if a ransom payment is not made.

While Accellion did provide a patch in December 2020, it was not sufficient to thwart a second attack in January 2021. A subsequent patch was then released to remediate this vulnerability.

The following CVEs have been released in association with the Accellion breach:

  • CVE-2021-27101 – Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
  • CVE-2021-27102 – Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
  • CVE-2021-27103 – Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.
  • CVE-2021-27104 – Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
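
A log-triage sketch for the two request-level entries above (CVE-2021-27101 and CVE-2021-27103), added here as an example; it is not code from this article or from Accellion. It assumes an Apache combined-format access log with the request's Host header appended as a last quoted field. The log layout, the sample lines and the function name `triage` are constructed for illustration, and a hit is a line to review, not proof of compromise.

```python
import re

# Assumed layout (not Accellion's documented format): Apache combined log
# with the Host header appended, e.g. "%h %l %u %t \"%r\" %>s %b \"%{Host}i\"".
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<host>(?:[^"\\]|\\.)*)"$'
)
# A well-formed Host header is hostname-or-IPv4 with an optional port.
# Bracketed IPv6 literals are flagged too; extend the pattern if you use them.
VALID_HOST = re.compile(
    r'^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::\d{1,5})?$'
)

# Constructed sample lines (documentation IP ranges, placeholder hostname).
SAMPLE_LOG = r'''
198.51.100.7 - - [20/Jan/2021:03:14:07 +0000] "GET /document_root.html HTTP/1.1" 200 512 "fta.example.com"
198.51.100.9 - - [20/Jan/2021:03:15:42 +0000] "GET /document_root.html HTTP/1.1" 200 512 "fta.example.com' <constructed>"
198.51.100.9 - - [20/Jan/2021:03:16:01 +0000] "POST /wmProgressstat.html HTTP/1.1" 200 87 "fta.example.com"
203.0.113.5 - - [20/Jan/2021:03:17:30 +0000] "GET /index.html HTTP/1.1" 200 1024 "fta.example.com:443"
'''

def triage(lines):
    """Return (line_no, cve, reason) for each log line worth reviewing."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            # Never skip silently: a mangled line may itself be the evidence.
            findings.append((n, None, "unparseable line"))
            continue
        # Compare on the page name only, ignoring directory and query string.
        page = m["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if page == "document_root.html" and not VALID_HOST.match(m["host"]):
            findings.append((n, "CVE-2021-27101",
                             "Host header is not hostname[:port]"))
        elif page == "wmprogressstat.html" and m["method"] == "POST":
            findings.append((n, "CVE-2021-27103",
                             "POST to wmProgressstat.html"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.strip().splitlines()):
        print(finding)
```
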

Who Is Responsible For The Accellion Data Breach?

Threat researchers identified UNC2546 and UNC2582 as being behind the Accellion attacks. These threat actors have known connections to FIN11 and the CLOP ransomware gang.

Who Was Impacted By The Accellion Data Breach?

How Can You Prevent The Accellion Vulnerability?

Security professionals strongly recommend that you do not use the file transfer appliance app provided by Accellion. This application is unsupported by the vendor and will no longer receive security patches.

If you continue to use this application past its end-of-life date, you are placing your organization at serious risk of compromise.

Article by

Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.