
Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks

February 23, 2021

Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to a data theft and extortion campaign orchestrated by a cybercrime group called UNC2546.

The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named DEWMODE on victim networks and exfiltrating sensitive data, which was then published on a data leak website operated by the CLOP ransomware gang.

But in a twist, no ransomware was actually deployed in any of the recent incidents that hit organizations in the U.S., Singapore, Canada, and the Netherlands, with the actors instead resorting to extortion emails to threaten victims into paying bitcoin ransoms.

According to Risky Business, some of the companies that have had their data listed on the site include Singapore’s telecom provider SingTel, the American Bureau of Shipping, law firm Jones Day, the Netherlands-based Fugro, and life sciences company Danaher.

Following the slew of attacks, Accellion has patched four FTA vulnerabilities that were known to be exploited by the threat actors, in addition to incorporating new monitoring and alerting capabilities to flag any suspicious behavior. The flaws are as follows –

  • CVE-2021-27101 – SQL injection via a crafted Host header
  • CVE-2021-27102 – OS command execution via a local web service call
  • CVE-2021-27103 – SSRF via a crafted POST request
  • CVE-2021-27104 – OS command execution via a crafted POST request

FireEye’s Mandiant threat intelligence team, which is leading the incident response efforts, is tracking the follow-on extortion scheme under a separate threat cluster it calls UNC2582 despite “compelling” overlaps identified between the two sets of malicious activities and previous attacks carried out by a financially motivated hacking group dubbed FIN11.

“Many of the organizations compromised by UNC2546 were previously targeted by FIN11,” FireEye said. “Some UNC2582 extortion emails observed in January 2021 were sent from IP addresses and/or email accounts used by FIN11 in multiple phishing campaigns between August and December 2020.”

Once installed, the DEWMODE web shell was leveraged to download files from compromised FTA instances, leading to the victims receiving extortion emails claiming to be from the “CLOP ransomware team” several weeks later.

A lack of timely reply would result in additional emails being sent to a wider group of recipients in the victim organization, as well as its partners, containing links to the stolen data, the researchers detailed.

Besides urging its FTA customers to migrate to kiteworks, Accellion said fewer than 100 out of 300 total FTA clients were victims of the attack and that fewer than 25 appear to have suffered “significant” data theft.

The development comes after grocery chain Kroger disclosed last week that HR data, pharmacy records, and money services records belonging to some customers might have been compromised as a result of the Accellion incident.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)
