- Energy giant Shell has disclosed a data breach after attackers compromised the company’s secure file-sharing system powered by Accellion’s File Transfer Appliance (FTA).
- According to the company, some of the data accessed during the attack belongs to stakeholders and Shell subsidiaries.
- Cyber security and personal data privacy are important for Shell and we work continuously to improve our information risk management practices. We will continue to monitor our IT systems and improve our security. We regret the concern and inconvenience this may cause affected parties. — Shell
- While the attackers’ identity was not disclosed in Shell’s statement, a joint statement published by Accellion and Mandiant last month shed more light on the attacks, linking them to the FIN11 cybercrime group.
- The Clop ransomware gang has also been using an Accellion FTA zero-day vulnerability (disclosed in mid-December 2020) to compromise and steal data from multiple companies.
– Sergiu Gatlan | March 22, 2021