{"id":440781,"date":"2021-02-22T09:03:30","date_gmt":"2021-02-22T14:03:30","guid":{"rendered":"http:\/\/www.marketnewsdesk.com\/?p=440781"},"modified":"2021-02-22T09:03:30","modified_gmt":"2021-02-22T14:03:30","slug":"accellion-provides-update-to-fta-security-incident-following-mandiants-preliminary-findings","status":"publish","type":"post","link":"https:\/\/www.marketnewsdesk.com\/index.php\/accellion-provides-update-to-fta-security-incident-following-mandiants-preliminary-findings\/","title":{"rendered":"Accellion Provides Update to FTA Security Incident Following Mandiant\u2019s Preliminary Findings"},"content":{"rendered":"

\nMandiant Identifies Criminal Threat Actor and Mode of Attacks
\n<\/h2>\n
\n

PALO ALTO, Calif., Feb. 22, 2021 (GLOBE NEWSWIRE) — Accellion, Inc.<\/u><\/a>, provider of the industry\u2019s first\u00a0enterprise content firewall<\/a>, today issued a statement regarding Mandiant\u2019s preliminary findings<\/a> with regards to the previously reported cyberattacks on Accellion\u2019s legacy FTA product.<\/p>\n

Mandiant, a division of FireEye, Inc., has identified UNC2546 as the criminal hacker behind the cyberattacks and data theft involving Accellion\u2019s legacy File Transfer Appliance product. Multiple Accellion FTA customers who have been attacked by UNC2546 have received extortion emails threatening to publish stolen data on the \u201cCL0P^_- LEAKS” .onion website. Some of the published victim data appears to have been stolen using the DEWMODE web shell. Mandiant is tracking the subsequent extortion activity under a separate threat cluster, UNC2582.<\/p>\n

Accellion strongly recommends that FTA customers migrate to kiteworks, Accellion\u2019s enterprise content firewall platform. These exploits apply exclusively to Accellion FTA clients: neither kiteworks nor Accellion the company were subject to these attacks. Kiteworks is built on an entirely different code base, using state-of-the-art security architecture, and a segregated, secure devops process. The kiteworks platform is FedRAMP authorized for Moderate CUI, and demonstrates compliance with GDPR, HIPAA, NIST 800-171, FIPS, SOC2, ISO 27001, and other data privacy regulations and standards.<\/p>\n

Accellion has patched all known FTA vulnerabilities exploited by the threat actors and has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors.<\/p>\n

Accellion does not access the information that its customers transmit via FTA. Following the attack, however, Accellion has worked at many customers\u2019 request to review their FTA logs to help understand whether and to what extent the customer might have been affected. As a result, Accellion has identified two distinct groups of affected FTA customers based on initial forensics. Out of approximately 300 total FTA clients, fewer than 100 were victims of the attack. Within this group, fewer than 25 appear to have suffered significant data theft.<\/p>\n

Accellion continues to offer support to all affected FTA customers to mitigate the impact of the attack.<\/p>\n

The following CVEs have since been reserved for tracking the recently patched Accellion FTA vulnerabilities:<\/p>\n