The multinational gas station giant, which also refines oil and extracts natural gas, Royal Dutch Shell, I am only Shell (as it is known), is another victim of the attack on the supply chain that hit the file sharing app Accellion FTA.
In a statement published last Tuesday (16), the company reported that it had breached data after cybercriminals compromised the file transfer tool, Accellion FTA, in which Shell is a customer.
“Shell was affected by a data security incident involving the Accellion file transfer application. Shell uses this device to securely transfer large data files, “writes the company.
Shell reports that it is investigating the case and that no internal systems have been compromised, as the attack is capable of breaching data sent via the Accellion FTA and does not interfere with the company’s technology infrastructure. However, personal user data and market secrets may have been stolen.
“The ongoing investigation showed that an unauthorized party gained access to multiple files over a limited period of time. Some contained personal data and others included data from Shell companies and some of their shareholders“.
The petrochemical multinational, which has more than 86,000 employees spread over more than 70 countries and has the fifth highest turnover in the Global 500 survey by Fortune magazine, said he has contacted the responsible authorities and is working to resolve the case.
Attack on the Accellion supply chain
The attack on Accellion’s supply chain was identified by FireEye in December last year. For the attack, cybercriminals, allegedly linked to the group that operates the Clop ransomware and to a group known as FIN11, exploited several zero-day vulnerabilities present in the Accellion FTA, legacy software that features codes that are more than 20 years old.
THE Accelion FTA is a software widely used by government institutions, universities and companies that need to share data with other companies or customers, which makes it a very attractive solution for cybercriminals.
In this attack, more than 100 companies have been committed, such as the Kroger supermarket chain, Singtel, QIMR Berghofer Medical Research Institute, Reserve Bank of New Zealand, Australian Securities and Investiments Commission, Office of the Washington State Auditor, ABS Group, Jones Day, Danaher, Furgo, University of Colorado and the American Bureau of Shipping, now Qualys, and others. All of them are necessarily Accellion FTA customers.