The Cybersecurity and Infrastructure Security Agency issued an alert Feb. 24 to medical, finance, telecommunications and government organizations about several unpatched vulnerabilities in Accellion's File Transfer Appliance that hackers have taken advantage of.
The joint alert comes from CISA as well as security agencies in the U.K., Australia, New Zealand and Singapore. The agencies said four known vulnerabilities in the FTA platform, which provides data file transfer services, have been exploited by hackers.
Healthcare insurer Centene and Kroger pharmacy have both been affected by Accellion's vulnerabilities. In January, Accellion notified Centene that its data was subjected to unauthorized access for a number of days due to the cyber issues, according to a recent SEC filing.
Centene said the investigation is ongoing, but that it does not believe the breach will have "a material adverse effect on our business, reputation, results of operations, financial position and cash flows," according to the filing.
Kroger on Feb. 19 also confirmed that some pharmacy customers may be affected by Accellion's data breach, which the company employed for third-party file transfers. Hackers gained access to Kroger's pharmacy and money services by manipulating a vulnerability in Accellio's file transfer service.
Cybersecurity company FireEye Mandiant and Accellion have investigated the incident and found that the exploits began in mid-December. They suspect Clop ransomware actors and the FIN11 group are behind the attacks and exploited several unpatched zero-day flaws in its file transfer appliance product, which resulted in data theft.
CISA and the other security agencies advised all organizations using Accellion's file transfer appliance to temporarily isolate or block internet access to and from systems hosting the software and review the system for any evidence of malicious activity.