The Cyber Security News


FireEye: Accellion FTA Attacks Could be FIN11


A string of attacks exploiting a legacy file transfer product has been linked to the well-known financial cybercrime gang FIN11.

The attacks on the New Zealand central bank, Singtel, Kroger and many others exploited multiple zero-day vulnerabilities in Accellion’s FTA product and are being tracked by FireEye as UNC2546.

“The commitment of UNC2546 was not immediately apparent, but starting in late January 2021, many corporations that had been impacted by UNC2546 in the prior thirty-day period began receiving extortion emails from actors threatening to publish stolen details on the ‘CL0P^_- LEAKS’ .onion site,” the vendor explained.

“Some of the posted victim details seem to have been stolen using the DEWMODE web shell.”

FireEye said that the FIN11 gang has previously published stolen victim data from CLOP ransomware attacks on the same .onion site, in double extortion campaigns. Although there was no ransomware in the Accellion attacks, investigators found other links with the group.

It said several of the businesses compromised by UNC2546 were previously targeted by FIN11, and that an IP address that communicated with a DEWMODE web shell was in the “Fortunix Networks L.P.” netblock. This is a network frequently used by FIN11 to host download and FRIENDSPEAK command and control (C2) domains, FireEye said.

The vendor is tracking the extortion activity connected to the Accellion attacks as UNC2582 and said it found even more overlaps between this and FIN11, including emails sent from the same IP addresses as FIN11 phishing campaigns.

In an update yesterday, Accellion itself revealed that “fewer than 100” of the 300 company users of FTA were affected by the campaign, and “fewer than 25 look to have suffered considerable info theft.”


Some pieces of this article are sourced from:
www.infosecurity-journal.com

Copyright © TheCyberSecurity.News, All Rights Reserved.