Cyberbreach at Singtel part of global attack on govt agencies, varsities

Thousands of organisations hacked through file-sharing system provided by Accellion

The Reserve Bank of New Zealand said last month that the Accellion File Transfer Appliance service was breached on Dec 25. Stolen files included personal e-mail addresses, dates of birth and credit information. It added that its core functions remain
The Reserve Bank of New Zealand said last month that the Accellion File Transfer Appliance service was breached on Dec 25. Stolen files included personal e-mail addresses, dates of birth and credit information. It added that its core functions remained unaffected. PHOTO: REUTERS

The massive hack that hit Singtel recently was part of a wider global cyberbreach that affected thousands of organisations worldwide.

The cyber attacks around December last year involved a file-sharing system provided by cloud services firm Accellion. It is not known who was behind the attacks.

While most of the affected organisations did not acknowledge any ransom demands, the Wall Street Journal reported on Tuesday that Clop ransomware group claimed to have more than 100GB of data from the United States-based international law firm Jones Day and has posted some documents on the Dark Web.

The group also claimed to have contacted the firm - whose major clients include Google, Walmart and former US president Donald Trump - for ransom negotiations.

Jones Day insisted that its own network has not been hacked and that it has not been subjected to any ransomware attack.

But it noted that Accellion's File Transfer Appliance (FTA) platform that it uses was recently compromised and had information taken.

Universities and government agencies that use Accellion were also not spared.

A cyber attack at the University of Colorado in Denver compromised the personal information of students, prospective students and employees, including limited health and clinical data and study and research material.

The university suspended use of the service on Jan 25, the day it was notified of the attack. It was restored three days later after a software patch.

"Unknown actors" compromised computer files at the Washington state Auditor Office on Dec 25, exposing a vast trove of private information in what may be the largest-ever cyberbreach of a Washington state agency, The Seattle Times reported on Feb 1.

The data included driver's licence, social security and bank account numbers of more than 1.4 million unemployment claimants. It also involved audit data of 25 state agencies and 100 local governments as well as adoption files of 30 children and their families.

In Australia, security watchdog Australian Securities and Investments Commission (Asic) said one of its servers provided by Accellion was accessed by an "unidentified threat actor" on Dec 28.

The server contained attachments to credit licence applications submitted to Asic between July 1 and Dec 28 last year.

Asic said that while some "limited information" has been viewed, it did not detect evidence that any information was downloaded.

The Australian Cyber Security Centre later issued an alert about the FTA vulnerability and offered advice for Australian organisations that included "(migrating) to currently supported products".

QIMR Berghofer Medical Research Institute in Brisbane said a breach occurred on Dec 25 when hackers accessed data related to anti-malarial drug trials stored on the Accellion FTA service.

Early investigations indicate that no personal information of the public was in the Accellion system but the CVs of about 30 current and former research staff were and could be accessed.

The research institute had scheduled to decommission the software next month.

The Reserve Bank of New Zealand announced last month that the Accellion FTA service was breached on Dec 25. The bank closed its connection to the FTA when this was discovered.

Stolen files included personal e-mail addresses, dates of birth and credit information, although the bank did not state the number of individuals or organisations affected. It added that its core functions remained unaffected.

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on February 19, 2021, with the headline Cyberbreach at Singtel part of global attack on govt agencies, varsities. Subscribe