Security Agencies of Five Countries Jointly Warn of Accellion Exploits

The cybersecurity agencies of five countries – the U.S. Cybersecurity and Infrastructure Security Agency along with its counterparts in the U.K., Australia, New Zealand, and Singapore – have issued a joint advisory warning that hackers are exploiting vulnerabilities in the Accellion File Transfer Appliance (FTA). The attackers’ goal is to steal data and execute ransomware.

Accellion File Transfer Appliance is used worldwide by enterprises and governments to transfer and store sensitive files.

Attacks abusing its flaws have hit 100 companies, with data stolen from 25 of them.

Last year, a hacker group that FireEye’s Mandiant threat team calls UNC2546 began exploiting the appliance’s vulnerabilities to install a newly discovered exploit called DEWMODE. In December, Accellion patched an SQL injection vulnerability in its file transfer platform and notified its customers of it. The attacks didn’t stop, though.

This week saw two new victims of these attacks. The state agency Transport for New South Wales in Australia and the Canadian aircraft manufacturer Bombardier have both been hit with Accellion-related data breaches.

Previous victims include the Reserve Bank of New Zealand, Australia’s financial regulator ASIC, the Office of the Washington State Auditor, and the University of Colorado.

The vulnerabilities that attackers used in these incidents are tracked as CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, and CVE-2021-27104.

To mitigate the risks, the joint advisory urges security agencies to update their Accellion FTA to version FTA_9_12_432 or later. If upgrading is not possible, organizations should isolate or block all incoming and outgoing Internet connections to and from servers hosting the software, run antivirus scans, and consider moving to a new file-sharing platform.

Accellion FTA will reach end of life on April 30, 2021, and the company will no longer support it. Instead, its customers are advised to migrate to the company’s newer product, Kiteworks.

About the author

CIM Team
