- #Accellion file transfer appliance install#
- #Accellion file transfer appliance Patch#
- #Accellion file transfer appliance series#
In mid-December 2020, Mandiant responded to multiple incidents in which a web shell we call DEWMODE was used to exfiltrate data from Accellion FTA devices.
#Accellion file transfer appliance install#
Over time, the attackers exploited additional FTA vulnerabilities to gain enough control to install the web shell. The exploit served as the initial intrusion point. The earliest detected activity in the hacking campaign came in mid-December when Mandiant identified the hackers exploiting an SQL injection vulnerability in the Accellion FTA. Mandiant also said that many of the hacked organizations later received extortion demands that threatened to publish stolen data on a dark web site affiliated with the Cl0p ransomware group unless they paid a ransom. Cl1p Cl0pĪccording to research Accellion commissioned from security firm Mandiant, unknown hackers exploited the vulnerabilities to install a web shell that gave them a text-based interface to install malware and issue other commands on compromised networks. Although the product is almost 20 years old and Accellion has been transitioning customers to a newer product, the legacy FTA is still used by hundreds of organizations in the finance, government, and insurance sectors. Instead of receiving an attachment, email recipients get links to files hosted on the FTA, which can then be downloaded. This post will be updated if a reply comes after publication.Īccellion customers use the File Transfer Appliance as a secure alternative to email for sending large data files.
Guidehouse representatives didn’t immediately respond to an email asking why it took so long for the company to discover the breach, notify customers, and discover if other Guidehouse customers were also compromised. Guidehouse has informed Morgan Stanley that it found no evidence that Morgan Stanley’s data had been distributed beyond the threat actor. Although the data was obtained by the unauthorized individual around that time, the vendor did not discover the attack until March of 2021, and did not discover the impact to Morgan Stanley until May 2021, due to the difficulty in retroactively determining which files were stored in the Accellion FTA appliance when the appliance was vulnerable.
#Accellion file transfer appliance Patch#
What took so long?Īccording to Guidehouse, the Accellion FTA vulnerability that led to this incident was patched in January 2021, within 5 days of the patch becoming available.
#Accellion file transfer appliance series#
Unknown hackers obtained the data by exploiting a series of hacks that came to light in December and January. A third-party service called Guidehouse, which provides account maintenance services to the financial services company, was in possession of the data at the time. The data obtained included names, addresses, dates of birth, Social Security numbers, and affiliated corporate company names, Morgan Stanley said in a letter first reported by Bleeping Computer. Morgan Stanley suffered a data breach that exposed sensitive customer data, and it became the latest known casualty of hackers exploiting a series of now-patched vulnerabilities in Accellion FTA, a widely used third-party file-transfer service.
0 kommentar(er)
