In recent months, the Australian Securities and Investment Commission (ASIC) have stated that they were the victims of a cyber-attack which allowed threat actors to access credit licence applications. The incident was related to ASIC’s use of the Accellion software, which allowed them to transfer files and attachments on their core system.
The incident took place when unauthorized access to the system’s server was granted, allowing the threat actors to gain access to the credit license documents stored on that particular server.
Threat Actors Responsible for Cyber-Attack
Following additional analysis performed by ASIC’s independent cyber experts, it is highly unlikely that the threat actors accessed any data held on the ASIC server, including filenames of the attachments related to Australian credit licence applications submitted to ASIC between 1 July 2020 and 28 December 2020.
The Accellion software itself had some vulnerabilities, and the company started to roll out patches in December 2020 and January 2021. However, an investigation report by FireEye claims that the group behind those attacks are the FIN11, along with the ransomware group CLOP. These threat actors were responsible for several breaches globally in both the private and public sectors.
Contact us at Agilient for cyber-attack, system security consultations and mitigation strategies.
Author: Saeed Baayoun, Agilient Consultant