Mandiant Issues Final Report Regarding Accellion FTA Attack

Mandiant validates full remediation of all known security vulnerabilities in the FTA product

PALO ALTO, Calif., March 01, 2021 (GLOBE NEWSWIRE) — Accellion, Inc., provider of Kiteworks, the industry’s first enterprise content firewall, today issued a statement with regards to the previously reported cyberattacks on Accellion’s legacy File Transfer Appliance (“FTA”) product.

As previously disclosed, Accellion engaged FireEye Mandiant, a leading cybersecurity forensics firm, to conduct an investigation into the sophisticated cyberattacks on Accellion’s legacy FTA software in December 2020 and January 2021, and to review the FTA software for any other potential security vulnerabilities. Today, Mandiant has shared its full and final report with Accellion, which includes the following key findings:

  • All known FTA vulnerabilities have been remediated: Following penetration testing and code review, Mandiant has validated that Accellion has closed all known FTA vulnerabilities with patches issued soon after the vulnerabilities were identified.
  • Mandiant did not identify any additional vulnerabilities that were exploited by the attackers: The previously remediated vulnerabilities were the only ones known to be involved in the December 2020 and January 2021 attacks. During their investigation, Mandiant identified two new vulnerabilities, which have since been patched, accessible only by authenticated FTA users. Mandiant found no evidence that these vulnerabilities were exploited by threat actors.

Charles Carmakal, SVP and CTO of FireEye Mandiant, said, “We worked closely with the Accellion team over the past several weeks to review the Accellion FTA solution. We have concluded our security assessment and determined that effective patches have been made available for all Accellion FTA vulnerabilities known to have been exploited by threat actors in December 2020 and January 2021. As part of our engagement, Mandiant performed penetration testing and code review of the latest version of the FTA solution (9.12.444) and we have confirmed that Accellion has closed all identified FTA vulnerabilities.”

“Since becoming aware of these attacks, our team has been working around the clock to develop and release patches that resolve each identified FTA vulnerability, and support our customers affected by this incident,” said Jonathan Yaron, Accellion’s Chief Executive Officer. “I want to thank the Mandiant team for their expert collaboration in investigating this incident and reviewing our software to ensure all known FTA vulnerabilities have indeed been closed. To better ensure customer security in today’s dynamic threat environment, we have decided to accelerate FTA’s end-of-life to April 30, 2021 and continue to strongly urge all FTA customers that have not done so already to upgrade to the Kiteworks® platform as soon as possible.”

Accellion’s Kiteworks® content firewall platform was not affected by these attacks. The vulnerabilities exploited in these attacks apply only to Accellion’s legacy FTA product. Kiteworks® is built on a completely different code base using state-of-the-art security architecture, and is designed to provide industry-leading security for sensitive third party communications.

Accellion remains committed to supporting customers impacted by this incident, including assisting clients in their forensic analysis. Accellion developed a special tool for clients to use on their systems in order to check for indicators of compromise associated with the attack activity and to identify any files downloaded if their system was exploited. Additionally, Accellion has established a new “Trust Center” page on its website that includes a comprehensive FAQ and timeline of the attack as well as other relevant security information and updates. The Trust Center can be found at

To read Mandiant’s full findings on the cyberattacks on Accellion’s legacy FTA product, please visit Accellion FTA Attack – Mandiant Report.

To learn more about how Accellion helps organizations secure their third-party communications, please visit Enterprise Content Firewall.

About Accellion
The Accellion enterprise content firewall prevents data breaches and compliance violations from sensitive third party communications. With Accellion, CIOs and CISOs gain complete visibility, compliance, and control over IP, PII, PHI, and other sensitive content across all third-party communication channels, including email, file sharing, mobile, enterprise apps, web portals, SFTP, and automated inter-business workflows. Accellion has protected more than 25 million end users at more than 3,000 global corporations and government agencies, including NYC Health + Hospitals; KPMG; Kaiser Permanente; National Park Service; Tyler Technologies; and the National Institute for Standards and Technology (NIST). For more information, please visit or call (650) 485-4300. Follow Accellion on LinkedIn, Twitter, Facebook, and Accellion’s Blog.

Media Contact
Rob Dougherty
(650) 687-3163
[email protected]

Accellion and Kiteworks are registered trademarks of Accellion USA LLC. in the US and other countries. All other trademarks contained herein are the property of their respective owners.

Latest News

Conagen’s Novel Solution to Making Natural Capsaicin by Fermentation Accessible

Bedford, Mass., April 22, 2021 (GLOBE NEWSWIRE) — Scalable, sustainable capsaicin ingredients for its use in food, consumer and industrial products have now become more accessible. Conagen announced it has successfully scaled-up its fermentation process for the production of premium capsaicin and its related capsaicinoid molecules. Chili peppers are widely used as a food additive in spicy […]

Global Pandemic Fueled Renewed Investor Interest in Silver in 2020

Record Silver-Backed Exchange-Traded Product Inflows Drove Global Holdings to Over One Billion Ounces; Coin and Bar Demand Rose to a Four-Year High WASHINGTON, April 22, 2021 (GLOBE NEWSWIRE) — Considerable growth in silver investment was the chief driver of the metal’s 27 percent average price gain in 2020. Leading the way was substantial demand for […]

โรงงานใหม่ของ Nikkiso Cryo Inc. เพิ่มการผลิตปั๊มไครโอเจนิค

ลาสเวกัส, April 22, 2021 (GLOBE NEWSWIRE) — Nikkiso Cryo Inc. (NCI) ในเมืองลาสเวกัส รัฐเนวาดา ซึ่งเป็นสมาชิกของ Nikkiso Clean Energy and Industrial Gases Group (กลุ่ม) และเป็นส่วนหนึ่งของ Nikkiso Co., Ltd (ญี่ปุ่น) ได้ประกาศเกี่ยวกับโรงงานใหม่ซึ่งจะเพิ่มประสิทธิภาพและขีดความสามารถในการผลิตปั๊มไครโอเจนิค โรงงานใหม่ที่ใหญ่ขึ้นของ NCI เป็นสิ่งจำเป็นเนื่องจากการเติบโตและความต้องการผลิตภัณฑ์และบริการปั๊มไครโอจีนิคอย่างต่อเนื่องของตลาด LNG ทั่วโลก (หลักๆ คือสถานีส่งออกและนำเข้า LNG) โรงงานสำนักงานขนาด 15,000 ตารางฟุตอยู่ใกล้กับสถานที่ทดสอบการผลิตหลัก ซึ่งมีการปรับปรุงประสิทธิภาพในการดำเนินงาน ความปลอดภัย และขีดความสามารถในการผลิตที่เพิ่มขึ้นอย่างมาก ในจำนวนนี้ยังมีระบบหอเผาทิ้งระดับพื้นดินใหม่ที่มีประสิทธิภาพและขีดความสามารถในการผลิตที่ดีขึ้น อีกทั้งยังมีการติดตั้งเครนโอเวอร์เฮดไฟฟ้าประเภทที่ 1 แบบที่ 1 บนแผงทดสอบ ซึ่งช่วยลดต้นทุนและเพิ่มผลผลิตโดยช่วยให้สามารถทำงานหลายอย่างในเวลาเดียวกัน เพิ่มความปลอดภัยโดยอนุญาตให้สามารถยกและติดตั้งปั๊มหลายตัวสำหรับการทดสอบ รวมถึงได้รับการรับรองสำหรับพื้นที่อันตราย “นี่เป็นก้าวต่อไปที่น่าตื่นเต้นสำหรับบริษัทของเราและเป็นประโยชน์อย่างมากสำหรับลูกค้าของเรา NCI จะสามารถเพิ่มผลผลิตและลดเวลาในการผลิตได้” Daryl […]

AB InBev 100+ Accelerator partners with The Coca-Cola Company, Colgate-Palmolive and Unilever for Sustainable Startup Innovation

NEW YORK, April 22, 2021 (GLOBE NEWSWIRE) — Today, The Coca-Cola Company, Colgate-Palmolive Company and Unilever have joined the Anheuser-Busch InBev (AB InBev) 100+ Accelerator to fund and pilot sustainable innovation in supply chains. Launched in 2018, the 100+ Accelerator is a global incubator program that works to solve supply chain challenges across water stewardship, […]