A string of attacks exploiting a legacy file transfer product have been linked to well-known financial cybercrime gang FIN11. The attacks on the New Zealand Central Bank, Singtel, Kroger and many more exploited multiple zero-day vulnerabilities in Accellion’s FTA product and are being tracked by FireEye as UNC2546. “The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations that had been impacted by UNC2546 in the prior month began receiving extortion emails from actors threatening to publish stolen data on the ‘CL0P^_- LEAKS’ .onion website,” the vendor explained. “Some of the published victim data appears to have been stolen using the DEWMODE web shell.”