Shell Latest to Fall to Accellion FTA Exploits

Shell has become the latest big-name firm to reveal it was affected by a data breach targeting vulnerabilities in legacy file transfer software.

In a brief statement that came to light this week, the oil giant admitted it is a customer of Accellion’s File Transfer Appliance (FTA) product.

It said it had addressed the exploited vulnerabilities and begun an investigation into the incident. As per other organizations breached in this way, it claimed that its core IT system was unaffected as FTA is isolated from the rest of its digital infrastructure.

“The ongoing investigation has shown that an unauthorized party gained access to various files during a limited window of time. Some contained personal data and others included data from Shell companies and some of their stakeholders,” the statement noted.

“Shell is in contact with the impacted individuals and stakeholders and we are working with them to address possible risks. We have also been in contact with relevant regulators and authorities and will continue to do so as the investigation continues.”

It’s unclear when Shell discovered the breach and which vulnerabilities were targeted. Accellion patched two zero-day bugs in late December, but attackers managed to compromise Singtel via a third vulnerability in January.

Other organizations known to have been affected include the New Zealand central bank, aircraft maker Bombardier, retail giant Kroger and legal firm Jones Day.

Security vendor FireEye has claimed that the group behind the attacks share similarities with the FIN11 cybercrime gang and the Clop ransomware group, on whose leaks site information stolen from some of the victims of this campaign has been published.

Accellion itself has claimed that “fewer than 100” of the 300 or so corporate users of FTA were affected by the campaign, and “fewer than 25 appear to have suffered significant data theft.”

What’s Hot on Infosecurity Magazine?