Singaporean telecommunications company Singtel has launched an investigation to establish the extent of a cyberattack on the Accellion File Transfer Appliance (FTA) system it uses.
Singtel has also suspended all use of the system and is working with cyber security experts and relevant authorities, including the Cyber Security Agency of Singapore which is providing guidance.
The company concedes customer information may have been compromised but pledges it will support them and help them manage any risks. It will also notify them when illegally accessed files relevant to them have been identified.
The telecom said of FTA: “This is a standalone system that we use to share information internally as well as with external stakeholders.”
Singtel described the breach as an isolated incident and its core operations remain unaffected and sound.
In a 1 February update, California-based Accellion said it has patched all known FTA vulnerabilities exploited by the attackers and added new monitoring and alerting capabilities to flag anomalies associated with the hackers.
It described FTA as a legacy large-file transfer product which, being 20 years old, is nearing end-of-life.
The concerted cyberattacks began mid-December and continued into January, according to Accellion.
The company’s chief information security officer, Frank Balonis, said: “We remain committed to assisting our FTA customers, but strongly urge them to migrate to kiteworks as soon as possible.” Kiteworks is Accellion’s up-to-date content firewall platform, serving most of its customers.
The company added: “FTA’s maturity notwithstanding, these exploits demonstrate a highly sophisticated attack.”