Singapore's multinational telecommunications conglomerate Singtel has been breached by an attack on a file-sharing system from Accellion that is nearing its end-of-life, with the breach ocurring on 20 January, the telco says.
It said it had suspended use of the system after Accellion informed it about a cyber attack on its systems. Singtel is the owner of Optus, Australia's second biggest telco.
A number of organisations in other countries have also been affected by the same vulnerability, with more than 300 companies said to have taken a hit. In Australia, the Brisbane-based QIMR Berghofer Medical Research Institute was among the victims.
The Singtel statement said customer information may have been compromised. "We are working urgently to conduct an impact assessment, to determine the nature and extent of data that has been potentially accessed. We will notify all affected individuals and organisations once we identify which files relevant to them were illegally accessed," it said.
In a statement, Accellion said its FTA product was hit by an attack on 23 December. "At this time, Accellion has patched all known FTA vulnerabilities exploited by the attackers and has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors," the company said.Singtel said it had been using the FTA system for sharing information both internally and externally. It said it was informed of the vulnerability on 23 December and applied patches to fix it, one on 24 December and a second on 27 December.
"On 23 January, Accellion issued another advisory citing a new vulnerability which the 27 December patch was not effective against and we immediately took the system offline. On 30 January, Accellion provided another patch for the new vulnerability ..
Support the originator by clicking the read the rest link below.
