The transport system of the Australian state New South Wales (NSW) had data leaked after the Clop ransomware hit Accellion file transfer software, North American provider of cloud services.
Transport for NSW, is a state-owned company, responsible for the entire fleet of buses, ferries, air transport and cargo transportation in the state. The company uses Accellion FTA for internal file transfers.
The data leak was reported by the company itself, in a statement published on Tuesday (23/02). According to Transport for NSW, the data leak is directly related to the Acellion server and no other Transport for NSW systems have been hacked.
“This breach was limited to Accellion servers. No other Transport for NSW systems were affected, including systems related to driver’s license information,” writes the company.
NSW’s cybersecurity team is already investigating the case. “Cyber Security NSW is managing the investigation by the NSW government with the help of forensic experts. We are working closely with Cyber Security NSW to understand the impact of the breach, including on customer data.”
Clop Ransomware
According to FireEye, in December 2020, cybercriminals exploited several zero day vulnerabilities in the file transfer software, the Accellion FTA, to access and steal data from their users.
“In December 2020, malicious agents (UNC2546) […] exploited several zero day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered shell called DEWMODE. As of the end of January 2021, several organizations that were impacted by UNC2546 in the previous month began to receive extortion emails from actors who threatened to publish stolen data on the ‘CL0P ^ _- LEAKS’ website.“, write the FireEye researchers.
THE Accelion FTA is a software widely used by government institutions, universities and companies that need to share data with other companies or customers, which makes it a very attractive solution for cybercriminals.
According to Bleeping Computer, more than 100 companies (customers) may have been compromised in the attack on Accelion. Committed companies are users of Accelion FTA. An attack much like the attack on the SolarWinds supply chain.
The Kroger supermarket chain, Singtel, QIMR Berghofer Medical Research Institute, Reserve Bank of New Zealand, Australian Securities and Investiments Commission, Office of the Washington State Auditor, ABS Group, Jones Day, Danaher, Furgo, University of Colorado and the American Bureau of Shipping, are among the companies compromised by the Clop ransomware.
Sources: Transport for NSW; Accelion; FireEye; Bleeping Computer.
See the original post at: https://thehack.com.br/agencia-de-transporte-da-australia-e-a-mais-nova-vitima-do-ataque-a-accelion-conheca-as-vitimas/?rand=48873
