At the beginning of this year, many companies, organizations, governments and people all over the world fell victim to a severe data breach, considered to be one of the major cyberattacks of 2021. Even months after the breach, new and previously unknown victims came to light, revealing its great impact. The Accellion data breach is something that many of us still remember.
The banking firm Accellion focuses on secure file sharing and collaboration software. The company develops an enterprise content firewall leveraged by more than 3,000 global corporations, hospitals, government organizations and universities.
Accellion suffered two different attacks. The first was in December 2020 and the second in January 2021. The attackers stole personal data by hacking into Accellion's legacy file transfer application, the FTA server, which was not properly protected. Hundreds of companies and government organizations worldwide were breached as a result of the flaws.
The cybercriminals combined multiple zero-day exploits and a new web shell to target the company's FTA. A whole cluster of vulnerabilities was found in one of Accellion's network equipment offerings, which the attackers exploited to access the FTA. After this, they used a web shell, which gave them an easy way to commit further attacks using a compromised web server, according to Wired.
The attack is considered to have been primarily financially motivated. The criminals threatened to make organizations' data public if a ransom payment was not made. Universities, health institutions, law firms, telecommunication companies, transport companies and many other types of organizations were affected by the extortion.
The attackers were identified as UNC2546 and UNC2582, two separate and previously unknown hacking groups that carried out the hacking spree and the extortion. The groups have connections with FIN11 and the Clop ransomware gang, both known for using extortion for financial gain. Together, the different threat actors carried out the steps needed to execute the attack: they exploited the vulnerabilities in the FTA for initial access, deployed a web shell, sent extortion emails and published stolen data, according to Security Week.
Relevant organizations and companies affected
Sensitive data from different universities was discovered on the dark web in connection with the cyberattack. Yeshiva University, the University of Miami, the University of Colorado and Stanford University's School of Medicine are examples of some of the affected ones. Moreover, the U.S. Department of Health and Human Services had more than 1.3 million patients of Centene subsidiaries impacted by the attack, according to Inside Higher Ed.
The attack affected many different sectors. Other well-known victims are the Australian Transport for New South Wales, the law firm Jones Day, supermarket mogul Kroger and the telecom giant Singtel. Singtel reported that over 129,000 customers had been affected by the stolen data. In total, more than 100 organizations were reported as affected by the incident, and at least 11 of them were healthcare organizations, according to MSSP Alert.
Short facts about data breaches
– A data breach exposes confidential, protected or sensitive information to an unauthorized person. The files in a data breach are accessed without permission.
– Anyone can be at risk of a data breach, from individuals to governments and high-level enterprises.
– Most of the time data breaches happen due to weaknesses in technology and user behavior.