FireEye links 0-day attacks on FTA servers & extortion campaign to FIN11 group

Firstly, do you know if you have Accellion? If so, do you know what the patch status is?…:

The attacks using zero-days in Accellion FTA servers that have hit around 100 companies across the world in December 2020 and January 2021 have been carried out by a cybercrime group known as FIN11, cyber-security firm FireEye said today.

During the attacks, hackers exploited four security flaws to attack FTA servers, install a web shell named DEWMODE, which the attackers then used to download files stored on victim’s FTA appliances.

“Out of approximately 300 total FTA clients, fewer than 100 were victims of the attack,” Accellion said in a press release today. “Within this group, fewer than 25 appear to have suffered significant data theft.”

But FireEye says that some of these 25 customers have now received ransom demands following the attacks on their FTA file-sharing servers.

[…]

Original article