Data stolen during an attack on Singapore’s multinational telecommunications conglomerate Singtel, which the company says was exfiltrated on 20 January last year, has been lying on the dark Web since February 2021 and was reposted to a clear Web forum on 7 October, a security professional says.
Brett Callow, a senior security researcher with the New Zealand-based Emsisoft, told iTWire that the data had been originally posted on the dark web site of the Windows ransomware group, Cl0p.
“In February 2021, Cl0p posted data that it claimed was stolen from Singtel, and it’s that data which Singtel states is now being shared via the forum in question,” he said. [A screenshot he took at the time is below.]
Callow’s statement appears to refute a claim made the Guardian Australia which read: “Singtel informed those affected, but the post on the data leak forum is believed to be the first time the data has purportedly been posted online.”
|
Callow said he had grabbed a screenshot of the data from Cl0p’s site when he first spotted the Singtel data siphoned off during the Accellion attack.
Singtel has been in the news ever since Optus, Australia’s second-biggest telecommunications provider that is owned by the Singapore outfit, revealed a massive breach on 22 September. Initially, there were said to be close to 10 million users, past and present, who were affected.
Adding to that was the appearance of the data stolen during what a Singtel spokesperson said was an attack through a file-sharing system from Accellion that was close to end-of-life at the time.
To top it off, on Monday afternoon, Singtel revealed that its Australian IT services firm Dialog had been hit by a data breach. iTWire’s sources say this breach has been effected using the Agenda ransomware that runs only on Windows.
Callow said a more interesting question about the Accellion attack data surfacing now was who had posted it to the Web forum and the motivation behind it.
A screenshot of the post accompanying old Singtel data put on the Web on 7 October.
He did not offer any speculation about this, though the normal motive for anyone to post data that has been stolen is to make a quick buck.
GET READY FOR XCONF AUSTRALIA 2022
Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.
In its fifth year, XConf is our annual technology event created by technologists for technologists.
Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.
Explore how at Thoughtworks, we are making tech better, together.
Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.
Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event
PROMOTE YOUR WEBINAR ON ITWIRE
It’s all about Webinars.
Marketing budgets are now focused on Webinars combined with Lead Generation.
If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.
The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.
Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.
We look forward to discussing your campaign goals with you. Please click the button below.
Read More: itwire.com