January 20, 2021

New Zealand’s central bank victim of Accellion’s cyberattack

New Zealand’s central bank revealed on Sunday that a third-party file-sharing system used to share and store information on its premises was hacked.

The Reserve Bank’s governor, Adrian Orr, says the bank was not necessarily the target of the cyberattack.

Other users of the file-sharing system, which is provided by Palo Alto-based private cloud solution firm Accellion, were also compromised. The system is called File Transfer Application (FTA).

New Zealand dollar

New Zealand Stock Exchange was also the victim of a cyber attack in the last year

Impact of attack

On 10 January, Orr says the system had “been secured and taken offline” so the bank could investigate.

According to Orr, this didn’t disrupt core functions of the central bank, which remained “sound and operational”.

The bank says the compromised data might include some commercially and personally sensitive information. “External stakeholders” used the file system to share information.

It’s unclear if there is any financial damage incurred by the cyberattack. “It will take time to understand the full implications of this breach and we are working with system users whose information may have been accessed,” says Orr.

Auckland University computer science professor, Dave Parry, tells Radio New Zealand the breach was likely the work of a nation-state, rather than a criminal ring.

“Ultimately if you were coming from a sort of like criminal perspective, the government agencies aren’t going to pay your ransom or whatever, so you’d be more interested probably coming in from a government-to-government level,” he says.

New Zealand Stock Exchange

The New Zealand Stock Exchange (NZX) was also the victim of a cyberattack in the last year.

In August, the Wellington-based NZX exchange suffered four days of attacks in a row. It got so bad the government activated the country’s National Security System.

The distributed denial of service attacks (DDoS) saw the NZX close on the fourth day, after systems kept crashing due to systems connectivity issues.

The government struggled to understand the source of the “offshore” cyberattack. The state’s struggle in locating the source cast doubts on its ability to prevent future attacks.

The latest attack on the country’s central bank will likely raise similar questions once again.

Read next: Banks and bad actors: the race to digitally adapt