Situation
Singtel, a major internet service provider in Singapore, shared on its website on 11 February 2021 that FTA (File Transfer Application), a third-party file-sharing system provided by Accellion that is nearing end-of-life, had been illegally accessed by unidentified hackers. There is an alleged SQL injection vulnerability in Accellion FTA that an adversary can exploit to install a web shell on the victim’s system. A web shell is a malicious script that typically includes functionality such as file listing, file download and clean-up on the compromised system. With the web shell, an adversary can gain control of the file-sharing server and perform various activities on it, potentially leading to a data breach.
Our Actions
Our Recommendations
As investigations are underway, we expect additional malware and TTPs to be uncovered. We will continue to provide updates on the incident and share additional recommendations.
If you suspect that you could have been affected by the incident, you can contact us for digital forensic and incident response services. You can take preemptive measures to protect your assets against new and unknown threats through our threat hunting and threat intelligence programme. Contact us at marketing@ensigninfosecurity.com for more information.