At the heart of the incident, SAO says, was Accellion software used for file transfers. Hackers exploited a security flaw in the file sharing service and gained access to restricted files.
Called FTA (File Transfer Application), Accellion’s service in mid-December received a patch for a critical vulnerability impacting less than 50 customers. The fix was sent to all affected organizations.
Despite that, the vulnerable service has been exploited by hackers to breach the systems of other Accellion customers as well, namely the Reserve Bank of New Zealand and the Australian Securities and Investments Commission (ASIC).