Accellion Vulnerabilities, Cyberattacks and Victims: Customer List and Status Updates

The Accellion cyberattack continues to impact partners and customers worldwide. Here’s a regularly updated list of Accellion supply chain victims and what happened.

First, a little background: Accellion specializes in secure file sharing and collaboration software. The company develops an enterprise content firewall leveraged by more than 3,000 global corporations, government organizations, hospitals and universities. Key investors include Baring Private Equity Asia and Bregal Sagemount.

Accellion Vulnerabilities Discovered: In December 2020, the Accellion File Transfer Appliance product suffered a zero-day exploit. Accellion patched multiple vulnerabilities between December 2020 and January 2021. For details, look for CVE (Common Vulnerabilities and Exposures) identifiers CVE-2021-27101, CVE-2021-27102, CVE-2021-27103 and CVE-2021-27104.

Hacker Group that Targeted Accellion: Researchers have identified a set of threat actors (dubbed UNC2546 and UNC2582) with connections to FIN11 and the Clop ransomware gang as the cybercriminal group behind the Accellion attack. Source: Threatpost, February 22, 2021.

Accellion Cyberattack Victims List: Updated Regularly

Hackers leveraged the vulnerabilities to attack multiple Accellion partners and customers. Here’s a regularly updated victims list…

Australian Securities and Investments Commission: One of its servers was breached in relation to Accellion software used by the agency to transfer files and attachments. Source: ZDNet, January 27, 2021.

Australia’s Transport for New South Wales: Details were disclosed in February 2021. Source: ZDNet, February 23, 2021.

Bombardier: The jet maker and Canadian aviation company had some of its data lifted and posted on the dark web. Source: ComputerWeekly, February 24, 2021.

Flagstar Bank: The bank told customers that hackers gained unauthorized access to their names, Social Security numbers and home addresses, and it is giving them two free years of identity-monitoring services as compensation. Source: Detroit Free Press, March 24, 2021.

Jones Day Law Firm: Hackers have stolen and leaked files belonging to the Jones Day law firm, one of the largest law firms in the world….