Stakeholders’ Personal Records Leaked in Recent Shell/Accellion Breach

Shell, the multinational oil giant, disclosed in late March that the personal information of some of its stakeholders and business data from linked organizations had been compromised after a successful attack on its network.

The company disclosed that a still-unknown malicious agent breached the system, accessing files containing sensitive data belonging to Shell companies and their stakeholders.

Further investigation showed that the attack is connected to Accellion’s File Transfer Appliance (FTA), a legacy product that organizations use to transfer large files. This Accellion product, which has now been retired from the market, has a history of vulnerabilities and security issues, which we address below.

Shell’s Breach and Response

According to Shell’s disclosure of this security event, all affected stakeholders had already been contacted. Law enforcement agencies and regulators had also been fully informed and were already working with Shell and the impacted parties. However, Shell did not disclose how many individuals were directly affected by the issue.

Shell also shared that the route of access in this incident was isolated from the central infrastructure, effectively controlling the damage.

The company committed to improving the security of its IT systems and to monitoring potential threats to its stakeholders more effectively.

Accellion’s Track Record

A central part of this breach is Accellion’s File Transfer Appliance (FTA), a legacy product that organizations use to transfer large files. Thousands of organizations are currently using the product. Shell used this enterprise software for that purpose, and it apparently ended up creating an exploitable vulnerability for the threat actor.

Accellion’s FTA has been linked to a series of security issues at different points in time. The now-retired product contained a zero-day vulnerability that malicious agents quickly exploited before it was patched, three days after the vendor was informed about it.

Back in December 2020, FireEye discovered that the Clop ransomware group was conducting a campaign to exploit vulnerabilities in Accellion software, profiting from unknown security issues in the legacy product. The assessment also led to the identification of two new vulnerabilities, both accessible only to authenticated users.

In early January, the Reserve Bank of New Zealand reported that it suffered an illegal breach of its systems. It was discovered shortly after that the threat agent used Accellion’s product to break into the network, stealing commercially and personally sensitive data.

Also in January, the Australian Securities and Investments Commission (ASIC) disclosed a server breach related to the same Accellion software.

In early February, Singapore Telecommunications Limited, commonly known as Singtel, reported that it had to suspend all use of the Accellion software it used for large-file sharing after a threat agent used it to breach the infrastructure and cause a leak of customer data.

Then in early March, the cybersecurity firm Qualys disclosed a new breach linked to Accellion’s FTA. In this case, the damage was very limited and had no real impact on operations or customer data.
