12 May, 2017

Two Singapore universities targeted by APT attacks

The Cyber Security Agency of Singapore (CSA) has announced that the IT networks at two universities in Singapore were breached last month.

Intrusions into Nanyang Technological University's (NTU's) networks were detected when the university ran its regular checks on its systems on 19 April, CSA said. The National University of Singapore (NUS) detected an unauthorised intrusion into its IT systems on 11 April, during cybersecurity assessments by external consultants who had been engaged to strengthen its cyber defence.

In each instance, NTU and NUS promptly alerted the Cyber Security Agency of Singapore (CSA), which has been assisting the affected universities to conduct forensic investigations to understand the nature and extent of these attacks. CSA is also assisting with incident response and immediate measures to mitigate potential impact. At both NTU and NUS, affected desktop computers and workstations were isolated, removed and replaced. CSA is working closely with the universities in ongoing investigations.

Based on investigations, both the attacks were the work of advanced persistent threat (APT) actors, CSA said. "They are carefully planned and are not the work of casual hackers. The objective may be to steal information related to government or research. There is no evidence that information or data related to students was being targeted. However, as the universities’ systems are separate from government IT systems, the extent of the APTs’ activities appears to be limited. The daily operations of both universities, including critical IT systems such as student admissions and examinations databases, were not affected. Nonetheless, NUS and NTU have increased vigilance, and adopted additional security measures beyond those already in place," the agency noted in a statement.

CSA’s Singapore Computer Emergency Response Team (SingCERT) has also reached out to the other autonomous universities (AUs) and informed critical information infrastructure (CII) sectors and the government sector to step up monitoring and checks on their networks. According to CSA, there has been no sign of suspicious activity in CII networks or government networks to date.

Nick Savvides, Security Advocate, Symantec Asia Pacific and Japan, commented that APT attacks may employ different techniques including malware, spyware, phishing, and spam. "These attacks are specially crafted against a victim, and cyber-attackers who employ such techniques often have a clear goal or type of information that they are looking to obtain," he said.

""Unlike the fast-money schemes typical of more common targeted attacks, APTs are designed to satisfy the requirements of international espionage and/or sabotage, usually involving covert state actors. The objective of an APT may include military, political, or economic intelligence gathering, confidential data or trade secret threat, disruption of operations, or even destruction of equipment. The groups behind APTs are well funded and staffed; they may operate with the support of military or state intelligence."

Savvides noted that APTs differ from other types of targeted attacks in using customised tools and intrusion techniques, and being 'low and slow' to escape detection. "Widely reported APT attacks have been launched at government agencies and facilities, defense contractors, and manufacturers of products that are highly competitive on global markets," he added.

Interested?

Organisations and managed service providers which have found signs of malicious activity in their networks should contact SingCERT at +65 6323 5052 or via email at singcert at csa.gov.sg if they require any assistance.
