Joint Advisory: Exploitation of Accellion File Transfer Appliance

24 Feb 2021 02:48 PM

Cyber security organisations in the UK, USA, Australia, New Zealand, and Singapore publish advice to defend against malicious cyber actors.

Recommended mitigation for cyber attacks leveraging vulnerabilities to target Accellion File Transfer Appliance (FTA) customers has today been published by the UK’s National Cyber Security Centre, the US Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing Analysis Center (MS-ISAC), the Australian Cyber Security Centre (ACSC), the New Zealand National Cyber Security Centre (NZ NCSC), and the Cyber Security Agency of Singapore (CSA).

An NCSC spokesperson said:

“The NCSC is committed to protecting the UK against cyber attacks and, working alongside our allies, we will continue to strengthen our defences to make us the hardest possible target.

“We would encourage Acellion File Transfer Appliance customers in the UK to follow the recommended mitigation outlined in this advisory and report any suspicious activity to the NCSC

Further information

The advisory states that organisations with Accellion FTA should:

If malicious activity is identified, obtain a snapshot or forensic disk image of the system for subsequent investigation, then:

Accellion has announced that FTA will reach end-of-life (EOL) on April 30, 2021. Replacing software and firmware/hardware before it reaches EOL significantly reduces risks and costs.

The NCSC recommends following vendor best practice in the mitigation of vulnerabilities. Accellion has release ongoing patches as these vulnerabilities have been discovered: Accellion Provides Update to Recent FTA Security Incident | Accellion.

To report a cyber security incident visit:

Read the advisory in full