Zero-day vulnerability in file transfer platform leads to a data breach in Shell

In a statement, security teams at Shell revealed that the company was the victim of a data breach caused by unauthorized access to the Accellion FTA file-sharing platform. Shell is one of the world’s leading petrochemical and energy companies, with a presence in more than 70 countries and a total of 86,000 employees.

In the message, posted on its website, the company notes that the incident only affected this file transfer platform: “Upon detecting the incident, our cybersecurity team began an immediate mitigation process in conjunction with external specialists, as well as starting an investigation to determine exactly what happened.”

On the impact of the incident, Shell says there is no evidence to suggest that threat actors have gained access to other areas of its infrastructure, as its implementation of Accellion FTA is isolated from its main network: “We have already notified the relevant authorities and regulators, as the incident involves some information stored in Accellion.” The report mentions that some of the data the attackers managed to access belongs to Shell subsidiary offices and includes both personal and business information.

The company decided not to disclose details about the cybercriminal group behind this attack so as not to interfere with the investigation, although a source close to Shell’s cybersecurity teams claims that the attack was carried out by the hacking group identified as FIN11.

Although nothing is confirmed, some members of the cybersecurity community believe this hacking group may be linked to the operators of the Clop ransomware, who have also carried out multiple attacks by exploiting a zero-day vulnerability in Accellion FTA revealed in late 2021.

Accellion developers, for their part, say that about 300 of their customers use the vulnerable version, and that around 100 successful attacks have been confirmed so far. In an update to these reports, Accellion said fewer than 30 affected organizations have suffered significant data breaches.

However, this attack has already been detected in multiple public and private organizations, including cybersecurity firm Qualys, supermarket chain Kroger, technology firm Singtel and even the New Zealand National Reserve Bank.

Accellion maintains that the best way to prevent these attacks is to install the latest versions of its software, as it has been confirmed that multiple implementations of this file transfer platform remain vulnerable to this attack.