CLOP adds more firms to their leak site — but are they all Accellion clients? (UPDATED)

The threat actors known as “CLOP” have added three more firms to their leak site:  Bombardier, Pentair, and CSA Group.

All three firms have revenues that make them lucrative targets for “big game hunting.”  But were all of these firms clients of Accellion, as were Jones Day and some other firms listed on CLOP’s leak site?

Bombardier has not replied to an inquiry sent to it this morning asking if their breach was related to the Accellion attack, but LeMagIT reports that it is likely to be related. Like DataBreaches.net, they have received no reply to a similar inquiry they sent the firm, but referring to other companies who have been linked to the Accellion breach, they write:

these five companies have historically published web portals where customers or third parties could send and receive large files using the appliance Accellion file transfer. And this also applies to Bombardier, according to data from specialist search engine Shodan, at least until the end of January.

This post will be updated if a reply from Bombardier is received. DataBreaches.net has also sent an inquiry to Pentair of a similar nature.

Update: Bombardier issued the following statement that appears to confirm that this was related to the Accellion breach:


Bombardier Statement on Cybersecurity Breach

Bombardier (TSX: BBD.B) announced today that it recently suffered a limited cybersecurity breach. An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network.

In accordance with established cybersecurity procedures and policies, Bombardier promptly initiated its response protocol upon detection of the data security incident. As part of its investigation, Bombardier sought the services of cybersecurity and forensic professionals who provided external confirmation that the company’s security controls were effective in limiting the scope and extent of the incident. Bombardier also notified appropriate authorities, including law enforcement, where required and will continue to work with the authorities as the investigation continues.

Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised. Approximately 130 employees located in Costa Rica were impacted. Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised. The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers. Manufacturing and customer support operations have not been impacted or interrupted. Bombardier can also confirm the company was not specifically targeted—the vulnerability impacted multiple organizations using the application. Bombardier will continue to assess the situation and stay in close contact with its clients, suppliers and employees, as well as other stakeholders.

With the ever-increasing number and sophistication of cybersecurity attacks on corporate groups, Bombardier remains committed to maintaining the integrity of its IT infrastructure and safeguarding employee, client and supplier information.

About Bombardier

Bombardier is a global leader in aviation, creating innovative and game-changing planes. Our products and services provide world-class experiences that set new standards in passenger comfort, energy efficiency, reliability and safety.

Headquartered in Montréal, Canada, Bombardier is present in more than 12 countries including its production/engineering sites and its customer support network. The Corporation supports a worldwide fleet of approximately 4,900 aircraft in service with a wide variety of multinational corporations, charter and fractional ownership providers, governments and private individuals.

News and information is available at bombardier.com or follow us on Twitter @Bombardier.


Update 2:  Pentair sent the following statement to DataBreaches.net:

Thank you for reaching out to us; we appreciate your inquiry as Pentair takes cybersecurity seriously. Pentair has not used Accellion since the Fall of 2020. Additionally, Pentair was not on the FTA platform at that time. Pentair remains committed to safeguarding employee, supplier, and customer information.

Luckily for them, they were not using the service by mid-December. But then how did they wind up on CLOP’s leak site?  DataBreaches.net is following up on that.

Pentair responded to this site’s follow-up inquiry asking whether they could confirm that they had had a breach:

Thank you for your inquiry. We are conducting a thorough investigation of this matter. Pentair takes cybersecurity seriously, and is committed to safeguarding employee, supplier and customer information

About the author: Dissent

Leave a Reply

Your email address will not be published.Email address is required.

This site uses Akismet to reduce spam. Learn how your comment data is processed.