The zero-day attacks on Accellion FTA servers, which hit around 100 companies worldwide in December 2020 and January 2021, were carried out by a cybercrime group called FIN11, cyber security company FireEye announced today.
During the attacks, hackers exploited four vulnerabilities in FTA servers and installed a web shell called DEWMODE, which they used to download files stored on the victims’ FTA appliances.
“Out of a total of around 300 FTA customers, fewer than 100 were victims of the attack,” Accellion said in a press release today. “Within this group, fewer than 25 appear to have suffered significant data theft.”
FireEye said some of these 25 customers have received ransom demands following the attacks on their FTA file-sharing servers.
The attackers emailed and …