Energy giant Shell was also hit by hackers this week, following a malware breach in industrial giant Honeywell’s IT systems.

Attackers exploited a zero-day vulnerability in security vendor Accellion’s file transfer program FTA, Shell said on March 16, to have accessed some personal data and data belonging to Shell stakeholders and subsidiaries. Shell uses FTA to “securely” transfer large files.

The incident appears to have only affected the Accellion file transfer service. Shell claims that so far there is “no evidence” that the incident has affected Shell’s IT systems itself and that Shell is working with authorities and regulators to investigate the incident.

Today, the list of companies victimized by hacks that exploited Accellion’s FTA flaw is still growing, such as Michigan-based savings bank and grocery chain Kroger, which previously announced the attack. Jones Day, a prominent law firm, was also hit, according to the Wall Street Journal. Other victims include the Reserve Bank of New Zealand, Washington State, Harvard Business School and cybersecurity firm Qualys.

In recent weeks, Palo Alto-based Accellion has been hit with a class-action lawsuit for failing to ensure the FTA used “sufficiently secure protocols.”

In some cases, hackers exploiting the Accellion vulnerability threatened to release data stolen from victims.

Security researchers are tracking multiple intertwined hacking groups that appear to be involved in the operation. According to FireEye researchers, a group called UNC2546 appears to be the first to exploit the Accellion FTA zero-day vulnerability, and another group called UNC2582 appears to be using the stolen data to blackmail victims.

In the ransomware emails sent to victims, UNC2582 claimed to be associated with the Clop ransomware group.

According to FireEye, there is an overlap between these observed hacking groups and another attack group, FIN11.