Accellion developers were unable to notify customers about attacks due to problems with mail

Accellion unable to notify customers
Written by Emma Davis

Since December 2020, cybersecurity experts have recorded massive attacks on companies and organizations using the outdated Accellion FTA (File Transfer Application) file-sharing service, but the company’s employees could not notify customers of the attack due to problems with mail.

FireEye analysts linked this activity to the FIN11 hacker group and warned that more than 100 companies had become victims of cybercriminals.

According to the Accellion developers, among the approximately 300 FTA clients, “less than 100” were victims of attacks, and among them, less than 25 were affected by data theft. FireEye clarified that some of these 25 clients were blackmailed, and hackers demanded a ransom from them.

As part of this campaign, hackers exploited four vulnerabilities in the FTA (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104) and then installed the DEWMODE web shell and used it to steal files stored on victims’ FTA devices. After that, the attackers blackmailed the victims, demanding a ransom and threatening to leak the stolen information into the public domain.

In response, the developers of Accellion released several “waves” of fixes, each time emphasizing that FTA has long been an outdated product and urging their customers to migrate to the new Kiteworks platform. Eventually, the company even stated that it would finally stop supporting FTA from April 30, 2021.

As it turns out, the developers from the very beginning tried to notify customers about what was happening and the need to urgently install patches, but a faulty email tool delayed important notifications for several days.

According to FireEye specialists (PDF), whom Accellion hired to investigate the incident, the vulnerability patches were available as early as December 20 and then December 23.


However, a report released this week by the Reserve Bank of New Zealand, which was also affected by the FTA attacks, states that the financial institution’s employees did not receive any notifications from the developers, and did not know about what was happening at all.

“Software updates to address this issue were released by the vendor in December 2020, shortly after the vulnerability was discovered. However, the email tool used by the vendor was unable to send notifications, and therefore the bank was not notified [of the problem] until January 6, 2021,” the bank representatives said.

That is, the attackers had weeks to hack into the FTA server and steal confidential information.

Audit firm KPMG, which investigated the attack, claims that the lack of timely notification of the issue contributed significantly to the hack. Experts say that very few Accellion customers even knew about the release of the patches, and as a result, they left their devices vulnerable throughout the winter holidays.

Let me remind you that I reported that FireEye Experts Link Accellion Clients Hacks to FIN11 Hack Group.
