PRESS RELEASES

Accellion Provides Update to FTA Security Incident Following Mandiant’s Preliminary Findings

Mandiant Identifies Criminal Threat Actor and Mode of Attacks

PALO ALTO, Calif., Feb. 22, 2021 (GLOBE NEWSWIRE) — Accellion, Inc., provider of the industry’s first enterprise content firewall, today issued a statement regarding Mandiant’s preliminary findings with regards to the previously reported cyberattacks on Accellion’s legacy FTA product.

Mandiant, a division of FireEye, Inc., has identified UNC2546 as the criminal hacker behind the cyberattacks and data theft involving Accellion’s legacy File Transfer Appliance product. Multiple Accellion FTA customers who have been attacked by UNC2546 have received extortion emails threatening to publish stolen data on the “CL0P^_- LEAKS” .onion website. Some of the published victim data appears to have been stolen using the DEWMODE web shell. Mandiant is tracking the subsequent extortion activity under a separate threat cluster, UNC2582.

Accellion strongly recommends that FTA customers migrate to kiteworks, Accellion’s enterprise content firewall platform. These exploits apply exclusively to Accellion FTA clients: neither kiteworks nor Accellion the company were subject to these attacks. Kiteworks is built on an entirely different code base, using state-of-the-art security architecture, and a segregated, secure devops process. The kiteworks platform is FedRAMP authorized for Moderate CUI, and demonstrates compliance with GDPR, HIPAA, NIST 800-171, FIPS, SOC2, ISO 27001, and other data privacy regulations and standards.

Accellion has patched all known FTA vulnerabilities exploited by the threat actors and has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors.

Accellion does not access the information that its customers transmit via FTA. Following the attack, however, Accellion has worked at many customers’ request to review their FTA logs to help understand whether and to what extent the customer might have been affected. As a result, Accellion has identified two distinct groups of affected FTA customers based on initial forensics. Out of approximately 300 total FTA clients, fewer than 100 were victims of the attack. Within this group, fewer than 25 appear to have suffered significant data theft.

Accellion continues to offer support to all affected FTA customers to mitigate the impact of the attack.

The following CVEs have since been reserved for tracking the recently patched Accellion FTA vulnerabilities:

To read Mandiant’s preliminary findings on the cyberattack on Accellion’s legacy FTA product, please visit https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html. Mandiant’s complete report will be made available in the coming weeks.

To learn more how Accellion helps organizations secure their third party communications, please visit Enterprise Content Firewall.

About Accellion
The Accellion enterprise content firewall prevents data breaches and compliance violations from sensitive third party communications. With Accellion, CIOs and CISOs gain complete visibility, compliance, and control over IP, PII, PHI, and other sensitive content across all third-party communication channels, including email, file sharing, mobile, enterprise apps, web portals, SFTP, and automated inter-business workflows. Accellion has protected more than 25 million end users at more than 3,000 global corporations and government agencies, including NYC Health + Hospitals; KPMG; Kaiser Permanente; AVL; American Automobile Association (AAA); Linde Gas; Tyler Technologies; and the National Institute for Standards and Technology (NIST). For more information, please visit www.accellion.com or call (650) 485-4300. Follow Accellion on LinkedInTwitterFacebook, and Accellion’s Blog.

Media Contact
Rob Dougherty
(650) 687-3163
[email protected]

Accellion and kiteworks are registered trademarks of Accellion USA LLC. in the US and other countries. All other trademarks contained herein are the property of their respective owners.

 

Latest News

Philogen Announces First Quarter 2021 Results and Provides Update on Pipeline Progress

Philogen Announces First Quarter 2021 Results and Provides Update on Pipeline Progress May 12, 2021 NidlegyTM on track for Phase III European trial in stage IIIB/C melanoma. Opening of additional clinical centers to boost recruitment rate is ongoing. Emerging promising data in non-melanoma skin cancers Fibromun on track for the six ongoing trials in Soft Tissue Sarcoma and High-Grade Glioma Philogen is […]

130 years of Philips innovation, collaboration, and social responsibility

May 12, 2021 Amsterdam, the Netherlands – Royal Philips (NYSE: PHG, AEX: PHIA), a global leader in health technology, today celebrated 130 years of innovation, collaboration, and social responsibility. During its rich history since being founded on May 15, 1891, in Eindhoven in the Netherlands, the company has continuously reinvented itself to remain relevant to society. Today, […]

Wasabi Enhances Cloud-Based Data Security with S3 Object Lock Support

Powerful new feature secures data with the ultimate protection against ransomware, malicious or accidental alteration and deletion Boston, MA, May 11, 2021 (GLOBE NEWSWIRE) — Wasabi, the hot cloud storage company, today announces S3 Object Lock, a new feature that allows users to store immutable objects in Wasabi’s cloud using applications that support S3 object […]

Acuant Strengthens Anti-Money Laundering and Cryptocurrency Compliance Solutions with Blockchain Analysis Leader Chainalysis

The Power of Acuant + Chainalysis LOS ANGELES, May 11, 2021 (GLOBE NEWSWIRE) — Acuant, the global trusted identity platform for fraud prevention and AML compliance, today announced its partnership with Chainalysis, the blockchain analysis company, to help financial institutions and cryptocurrency businesses assess risk, automate workflows, safeguard against illicit transactions and protect their reputations […]