Financial

Energy giant Shell impacted in Accellion hack

Shell is just the latest in a long line of victims.

March 23, 2021

(Adam Berry/Getty Images)

Oil and gas company Shell is the latest organization to get caught up in the hack that targeted IT provider Accellion’s file-sharing platform, the energy company says.

The suspected criminal hackers behind the breach, who have gone after victims around the world using vulnerabilities in Accellion’s file transfer application (FTA), have accessed some personal data as well as data belonging to Shell stakeholders and subsidiaries, the company said on March 16. Shell had used the FTA to securely transfer large files.

The incident appears to have only impacted the Accellion file transfer service. Shell claims there is “no evidence” so far that the incident has affected Shell’s IT system itself.

Shell is working with authorities and regulators to investigate the incident, the firm said.

The list of companies that use Accellion’s FTA that have fallen victim to the Accellion hack continues growing by the day. A Michigan-based savings bank and the grocery chain Kroger have previously announced that they have been impacted as a result of Accellion’s breach. Jones Day, a prominent law firm, has also been hit, according to The Wall Street Journal. Other victims include the Reserve Bank of New Zealand, the state of Washington, Harvard Business School and cybersecurity company Qualys.

Palo Alto-based Accellion has been hit with a class action lawsuit in recent weeks that claims it failed to ensure “adequate security protocols” for the FTA.

The hackers involved in the Accellion hack have, in some cases, threatened to publish data stolen from victims.

Security researchers are tracking multiple overlapping hacking groups that appear to be involved the operation. A group known as UNC2546 appears to be the group behind the initial exploitation of the Accellion FTA zero-day vulnerabilities, according to FireEye researchers, who have also said that a group called UNC2582 appears to be using stolen data to extort victims.

UNC2582 has claimed in extortion emails to victims that it is linked with the threat actors behind Clop ransomware, according to FireEye.

UNC2582 has a track record of following through on threats to publish stolen data, according to FireEye.

FireEye has observed overlaps between these hacking groups and another attack team known as FIN11.

Energy giant Shell impacted in Accellion hack

More Like This

House hurtles toward showdown over expiring surveillance tools

Civil society groups press platforms to step up election integrity work

‘Large volume’ of data stolen from UN agency after ransomware attack

Top Stories

Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

FBI director warns of China’s preparations for disruptive infrastructure attacks

More Scoops

Accellion breach exposed data from patients at major Michigan hospital system

Hacking group exploited SonicWall zero-day for ransomware attacks, FireEye says

FIN8 cybercrime group resurges with improved hacking tool

Accellion hack ensnares Flagstar Bank, putting customer and employee data at risk

FireEye IDs hacking group suspected in Accellion, Kroger breach

Hackers are gaming the media to extort breached casinos in Canada, researchers say

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics