Oil and gas giant Shell has disclosed a data breach that resulted from the compromise of its Accellion File Transfer Appliance (FTA), a file-sharing service.
The company is a multinational that earned US $180.5 billion in 2020 and has a workforce of 86,000.
According to Shell’s statement on the data breach, ‘the cyberattack did not affect our network, but only impacted an Accellion FTA server.’
“Shell has been impacted by a data security incident involving Accellion’s File Transfer Appliance. Shell uses this appliance to transfer large data files securely,” reads the data breach notification.
“Upon learning of the incident, Shell addressed the vulnerabilities with its service provider and cybersecurity team, and started an investigation better to understand the nature and extent of the incident.”
Shell notified data authorities and regulators of the security breach, and also notified affected individuals and stakeholders.
“There is no evidence of any impact to Shell’s core IT systems as the file transfer service is isolated from the rest of Shell’s digital infrastructure. The ongoing investigation has shown that an unauthorized party gained access to various files during a limited window of time.”
Cybercrime groups have targeted multiple organizations across the globe since the vulnerabilities in Accellion FTA were disclosed. In February, FireEye’s security experts linked these attacks against organizations that use Accellion File Transfer Appliance servers to the cybercrime group FIN11.
After breaking into the network, FIN11 hackers demanded a Bitcoin payment to prevent the information from being published on the leak site.
Now, the cybercrime police are tracking two separate clusters of activity. The first cluster relates to the ‘exploitation of the zero-day flaws’ in Accellion FTA software. The second relates to the subsequent extortion activity.
“We have identified overlaps between UNC2582, UNC2546, and prior FIN11 operations, and we will continue to evaluate the relationships between these clusters of activity,” continues FireEye.
FireEye observed that while FIN11 hackers published information from Accellion FTA users on the Clop ransomware leak site, they didn’t encrypt systems on the compromised network.
Reacting to the cluster of attacks, Accellion has released numerous security patches to address the possible leaks. The company has also announced that it will retire its legacy FTA server software in April. It is now urging its users to upgrade to the kiteworks product, which replaces the FTA server.