
Accellion FTA Zero-Day Cl0p Mass Breach — 100+ Organizations

📅 2021-03-01 🏢 Accellion File Transfer Appliance (FTA) 🦠 DEWMODE web shell

Incident Details

See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide, including the Reserve Bank of New Zealand, Australian National University, QIMR Berghofer Medical Research Institute, Singtel, Transport for NSW, ASIC, Qualys, Shell, Bombardier, Stanford University, and many others. Cl0p did not encrypt data; it only exfiltrated data and extorted the victims.

Technical Details

Initial Attack Vector
The Cl0p ransomware group exploited four zero-day vulnerabilities (CVE-2021-27101 through CVE-2021-27104) in Accellion's legacy File Transfer Appliance (FTA). The FTA was a 20-year-old product that Accellion was actively trying to migrate customers away from.
Vendor / Product
Accellion File Transfer Appliance (FTA)
Malware Family
DEWMODE web shell
Supply Chain Attack
✅ Confirmed third-party / vendor compromise

Timeline

  1. 2021-03-01 Breach occurred
  2. 2021-03-01 Publicly disclosed