Cyber Incident Victim: Singtel
Date: Dec 2020
Location: Singapore
Summary
Singtel, a Singaporean telecommunications provider, experienced a data breach stemming from a zero-day vulnerability in Accellion's legacy FTA file-sharing service, which the company utilized for internal and external data exchange. The breach occurred as part of a broader wave of attacks targeting multiple organizations using the compromised Accellion platform, though Singtel has not disclosed specifics regarding accessed data or affected parties. The company took the FTA system offline during its investigation to assess the intrusion's scope and potential impacts, with plans to notify impacted individuals pending further analysis. This incident reflects wider systemic risks associated with third-party file transfer solutions exploited by threat actors.
Description
In mid-December 2020, Accellion discovered an actively exploited zero-day vulnerability in its legacy File Transfer Appliance (FTA) software, a secure file transfer solution used by organizations globally. Despite Accellion releasing a patch on December 25, 2020, threat actors had already compromised multiple customers’ systems before remediation could be implemented. Singapore telecommunications provider Singtel disclosed on February 11, 2021, that attackers exploited this vulnerability to illegally access its Accellion FTA instance, which the company used for internal and external information sharing with stakeholders. Singtel immediately took the compromised system offline upon detection and initiated forensic investigations to determine the scope of unauthorized access. The breach’s full impact remained unclear at disclosure, as Singtel had not identified which specific data was exfiltrated or which individuals or organizations were affected. The company committed to notifying impacted parties once investigations confirmed the nature of the compromised information. This incident followed similar Accellion-related breaches at high-profile entities including the Reserve Bank of New Zealand and the Australian Securities and Investments Commission, highlighting the vulnerability’s widespread exploitation.

The QIMR Berghofer Medical Research Institute concurrently disclosed its Accellion FTA breach on February 11, 2021, revealing attackers accessed approximately 620MB (4% of stored data) during the December 25, 2020 exploitation window. The institute received initial patch notification from Accellion on January 4, 2021, but was not alerted about the confirmed compromise until February 2. Compromised data included de-identified clinical trial participant information—initials, birth dates, ages, genders, ethnic groups, and coded identifiers—alongside anonymized medical histories related to anti-malaria drug trials and arbovirus research collaborations. While the data lacked direct identifiers, the coding system prevented QIMR from contacting affected trial participants proactively. Additionally, resumes of approximately 30 employees stored on the FTA system were accessed. QIMR emphasized the absence of identifiable personal or financial data in the breached clinical information but provided public contact details for concerned stakeholders. Both organizations’ incidents demonstrated the cascading consequences of third-party vulnerabilities in legacy file transfer systems.
