This Joint Cybersecurity Advisory provides indicators of compromise (IOCs) and recommended mitigations for this malicious activity. In some instances observed, the attacker has subsequently extorted money from victim organizations to prevent public release of information exfiltrated from the Accellion appliance. In one incident, an attack on an SLTT organization potentially included the breach of confidential organizational data. According to Accellion, this activity involves attackers leveraging four vulnerabilities to target FTA customers. Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors. This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the United Kingdom, and the United States. These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA). If one of the products used by an organization is exploited, it opens up the organization to breaches as well.This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States. “Jones Day continues to investigate the breach and has been, and will continue to be, in discussion with affected clients and appropriate authorities.”Įmsisoft’s Brett Callow said that if Clop was behind the data breach on Accellion, then the hacker could have access to data belonging to the vendor’s clients, which include the Reserve Bank of New Zealand, Washington State, and the Australian Securities and Investments Commission.Ĭommenting on the Accellion data breach, Lamar Bailey, senior director of security research at Tripwire, told Infosecurity Magazine: “The old saying a chain is only as strong as its weakest link also holds true for today’s extensive supply chains. “Jones Day has been informed that Accellion’s FTA file transfer platform, which is a platform that Jones Day-like many law firms, companies and organizations-used, was recently compromised and information taken. Nor has Jones Day been the subject of a ransomware attack. In a statement released February 16, Jones Day said: “Jones Day’s network has not been breached. The law firm, whose clients include Alphabet Inc.’s Google, JPMorgan Chase & Co., Walmart Inc., President Donald Trump, Procter & Gamble Co., and McDonald’s Corp., is the tenth largest in the country.Ĭlop claimed to have received no response from Jones Day after contacting them about handing over the files in exchange for a ransom. When contacted by the WSJ, Clop claimed to be in possession of more than 100 gigabytes of data belonging to Jones Day. Among the documents are a cover letter for “confidential documents” and a memo addressed to a judge that has been labeled as a “confidential mediation brief.” The Wall Street Journal reports that a hacker known as Clop has leaked some documents online that they claim have been stolen from Jones Day. American legal giant Jones Day says its computer network has not been compromised following a cyber-attack on the firm’s file-transfer vendor Accellion.Īccellion’s 20-year-old FTA (Files Transfer Appliance) file-transfer platform was “the target of a sophisticated cyberattack,” according to a statement issued by the company on February 1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |