Attackers targeted Accellion FTA in New Zealand Central Bank attack

The root cause for the hack of the New Zealand Central Bank was the Accellion FTA (File Transfer Application) file sharing service.

During the weekend, the New Zealand central bank announced that a cyber attack hit its infrastructure. According to the Government organization, one of its data systems has been breached by an unidentified hacker, commercially and personally sensitive information might have been accessed by the attackers.

According to Governor Adrian Orr the attack did not impact the bank’s core operations, anyway, it added that the security breach has been contained. In response to the incident, the affected system had been taken offline.

“We are actively working with domestic and international cyber security experts and other relevant authorities as part of our investigation. This includes the GCSB’s National Cyber Security Centre which has been notified and is providing guidance and advice,” the bank’s governor, Adrian Orr, said.

“We have been advised by the third party provider that this wasn’t a specific attack on the Reserve Bank, and other users of the file sharing application were also compromised.” “We recognise the public interest in this incident however we are not in a position to provide further details at this time.”

National authorities immediately launched an investigation into the incident with the help of cybersecurity experts.

According to the bank, threat actors compromised a service that stored commercially and personally sensitive information.

Early this week, the Reserve Bank of New Zealand confirmed that it uses Accellion FTA service to share information with external stakeholders.

“The Reserve Bank of New Zealand – Te Pūtea Matua continues to respond with urgency to a breach of a third party file sharing service used to share information with external stakeholders.” reads the press release published by the Reserve Bank.

The bank confirmed that a third party file sharing service provided by Accellion called FTA (File Transfer Application), which it was using, was illegally accessed in mid-December.

The bank is not providing additional information on the intrusion to avoid affecting the investigation.

According to Ancellion, less than 50 customers were affected by the flaw.

“In mid-December, Accellion was made aware of a P0 vulnerability in its legacy File Transfer Appliance (FTA) software. Accellion FTA is a 20 year old product that specializes in large file transfers.” reads the advisory published by the company. “Accellion resolved the vulnerability and released a patch within 72 hours to the less than 50 customers affected.”

Accellion pointed out that its enterprise content firewall platform, kiteworks, was not involved in any way.

“While Accellion maintains tight security standards for its legacy FTA product, we strongly encourage our customers to update to kiteworks, the modern enterprise content firewall platform,for the highest level of security and confidence,” concludes the US-based vendor.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, New Zealand)

[adrotate banner=”5″]

[adrotate banner=”13″]