The National University of Singapore (NUS) and Nanyang Technological University (NTU) suffered separate IT network breaches in April, according to the Cyber Security Agency (CSA) and the Ministry of Education (MOE) on Friday (May 12).
On Apr 11, NUS detected an unauthorised intrusion into its IT systems through a single server, while NTU detected a malware attack on Apr 19 possibly due to phishing or browsing of infected sites.
Both universities then alerted CSA, which has since been assisting them by conducting forensics and implementing mitigating measures, the joint press release added.
The objective of the attacks “may be to steal information related to Government or research”, said authorities, adding that “there is no evidence that information or data related to students was being targeted”.
Malicious activity was also detected in other institutions, Government agencies and industries during this period – but these were isolated and limited incidents which were quickly cleaned up, Channel NewsAsia understands.
“NOT WORK OF CASUAL HACKERS”
This is the first sophisticated cyber attack on Singapore universities. It was targeted, carefully planned and “not the work of casual hackers”, said authorities.
The attacks were not part of a coordinated, orchestrated campaign and were not identical – they did not originate from the same place, and were not conducted by the same people.
But Advanced Persistent Threat (APT) actors – perpetrators who managed to gain access to a network without being detected and were able to continuously access information whenever they wanted over a period of time – were involved in both incidents.
“However, as the universities’ systems are separate from Government IT systems, the extent of the APTs’ activities appears to be limited,” said CSA and MOE. “The daily operations of both universities, including critical IT systems such as student admissions and examination databases, were not affected.”
Said CSA chief executive David Koh: “We know who did it, and we know what they were after. But I cannot reveal this for operational security reasons.”
CSA, MOE and the universities said they would not be able to provide further details about the incident as it “could impact the effectiveness of additional defensive and preventive measures being put in place”.
ADDITIONAL SECURITY MEASURES IMPLEMENTED
An NUS spokesperson said “immediate action was taken to isolate and remediate affected desktop computers and servers”. Similarly, NTU said it immediately removed and replaced affected machines, which included shared personal computers and front-end workstations.
“NUS and NTU have increased vigilance, and adopted additional security measures beyond those already in place,” said the authorities.
CSA has reached out to other autonomous universities in Singapore, as well as Critical Information Infrastructure (CII) sectors and Government, to step up monitoring and checks on their networks.
“There has been no sign of suspicious activity in CII networks or Government networks thus far,” said authorities.
The latest cyber attack comes on the heels of the Ministry of Defence’s revelation in February that the personal data of 850 national servicemen and employees were stolen following a breach in its I-net system. The Ministry of Foreign Affairs’ IT system was also breached, according to Minister for Communications and Information Yaacob Ibrahim in Parliament in 2015.
CSA’s Mr Koh previously said that from 2015 to June 2016, 16 waves of targeted cyberattacks had come to the agency’s attention.