News Hackers attack corporate Networks via File Zend File sharing Servers


Jeremys

Essential
Joined
28.09.20
Messages
75
Reaction score
232
Points
18
This campaign is very similar to the attacks through vulnerabilities in the Accellion FTA file sharing solution in December 2020.

Cybercriminals are hacking into corporate and government computer systems to steal sensitive data through two vulnerabilities in a popular file-sharing server. As part of a global malicious campaign, hackers have already attacked the office of the Prime Minister of Japan.

Attackers exploit vulnerabilities in popular network file sharing solutions FileZen from the Japanese company Soliton. This campaign is very similar to the attacks through vulnerabilities in the file-sharing software Accellion FTA, discovered by hackers in December 2020. The victims of the cyber attacks were the Central Bank of New Zealand, the law firm Allens, the University of Colorado, the Singapore telecommunications company Singtel, etc.

The principle of operation of Accellion FTA and Soliton FileZen is the same. Both products are used to store large files that cannot be sent by email. Users usually upload files to the FileZen server, and then get links to them through the web panel, which they can share with their work colleagues. Like most similar vendors, Soliton provides both a cloud-based version of FileZen and standalone servers that can be installed locally to meet certain data privacy requirements in high-security environments.

According to sources of The Record, cybercriminals discovered a combination of two vulnerabilities that began to be exploited in January of this year. With their help, attackers hacked FileZen installations connected to the Internet that were not protected by a firewall.

Vulnerabilities CVE-2020-5639 and CVE-2021-20655 were fixed by the manufacturer in December 2020 and February 2021, respectively. The first one allows you to download malicious files to the device, and the second one allows you to run commands on the OS with administrator privileges. To avoid their exploitation by hackers, users are recommended to upgrade to version 4.2.8 or 5.0.3.

According to the sources, there is not enough data to link the attacks via Accellion FTA and Soliton FileZen. However, experts would not be surprised if the attacks on Soliton FileZen were launched by the same cybercrime group after the attacks on Accellion FTA became known to the general public.
 
Top Bottom