Flagstar Bank Suffers Data Breach

US-based bank and mortgage lender Flagstar Bank has disclosed that it suffered a data breach after the Clop ransomware gang hacked its Accellion file transfer server in January of this year. In December, cybercriminals affiliated with the Clop ransomware gang began exploiting vulnerabilities in Accellion FTA, a product organizations use to share sensitive files with people outside of their organization. On Friday of last week, Flagstar Bank issued a security disclosure on its website and started notifying customers about the security incident.

Accellion informed Flagstar on January 22, 2021, that its platform had a vulnerability and that the breach had occurred. Flagstar permanently discontinued the use of the file-sharing system after being informed of the issue. “Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of the numerous Accellion clients who were impacted,” Accellion warned in the security advisory.

Researchers found that the threat group that stole Flagstar’s information from Accellion FTA was not using the December zero-day vulnerability, which had been patched, but rather a new vulnerability that was discovered in January. After the data was stolen, Flagstar received a ransom note demanding payment in bitcoin, or the data would be released to the public. After Flagstar began notifying victims of the data breach, the Clop ransomware gang released screenshots of stolen data with a warning that they had stolen more personal data. The shared screenshots illustrate the types of sensitive customer and employee information stolen, including Social Security numbers, names, addresses, phone numbers, and tax records.

Analyst Notes

Based on the numerous Accellion data leaks published by the Clop gang, it is clear that they are behind these attacks and will continue to publish stolen data as victims disclose their attacks. Victims of the Flagstar breach are advised to change all associated passwords, monitor all their banking institutions for malicious activity, and invest in credit monitoring services for 24-hour monitoring. Companies that use the Accellion file-sharing systems should perform security audits to verify whether there are any vulnerabilities. If there are, they should be patched as soon as possible.

Source Article:

Flagstar Breach Notification: