minute read Share this article: The threat actors stole data and used Clop’s leaks site to demand money in an extortion scheme, though no ransomware was deployed. Researchers have identified a set of threat actors (dubbed UNC2546 and UNC2582) with connections to the FIN11 and the Clop ransomware gang as the cybercriminal group behind the global zero-day attacks on users of the Accellion legacy File Transfer Appliance product. Click to Register Multiple Accellion FTA customers, including the Jones Day Law Firm, Kroger and Singtel, have all been attacked by the group, receiving extortion emails threatening to publish stolen data on the “CL0P^_- LEAKS” .onion website, according to an investigation from Accellion and FireEye Mandiant. Around 100 companies have been victims of the attack, analysts found, with around 25 suffering “significant data theft.” No ransomware was used in the attacks.