SingHealth breach work of a typical state-linked group

The cyber attack, in which data of patients who visited SingHealth's specialist outpatient clinics and polyclinics was leaked, fits the profile of certain known advanced persistent threat groups, which are typically state-linked. ST FILE PHOTO

The cyber attack in Singapore that led to the leak of 1.5 million SingHealth patients' personal data was the work of an "advanced persistent threat" group that is typically state-linked, Parliament heard yesterday.

Advanced persistent threats (APTs) are stealthy and continuous computer hacking processes to gain intelligence or steal information.

"This refers to a class of sophisticated cyber attackers, typically state-linked, who conduct extended, carefully planned cyber campaigns to steal information or disrupt operations," said Minister for Communications and Information S. Iswaran, responding to 19 questions filed by MPs.

"The APT group that attacked SingHealth was persistent in its efforts to penetrate and anchor itself in the network, bypass the security measures, and illegally access and exfiltrate data," said Mr Iswaran, who is also Minister-in-charge of Cyber Security.

He noted that the attack fits the profile of certain known APT groups. For national security reasons, he did not identify the attacker or speculate on the motives even when asked by Dr Chia Shi-Lu (Tanjong Pagar GRC).

"We have done everything in our means to secure the system to detect any residual risk and eliminate it," said Mr Iswaran.

He has already convened a Committee of Inquiry to get to the bottom of what went wrong. Lessons will be drawn from the incident to strengthen the safeguards of Singapore's critical information infrastructure (CII), including those in aviation, healthcare, land transport, maritime and media.

Last Friday, the 11 critical service sectors in Singapore were told to strengthen the security around their network connectivity gateways to prevent data leakage, even as the Government lifted the pause on new Smart Nation projects that was imposed after the recent data breach at SingHealth.

The Cyber Security Agency's (CSA) forensic investigations team has extracted the pieces of forensic data used to identify the malicious activities and has instructed CII owners to scan for them.

APT attacks are not new to Singapore. For instance, the attacks on the National University of Singapore and Nanyang Technological University, discovered in April last year, were also performed by APT groups aimed at stealing government and research data.

 
A version of this article appeared in the print edition of The Straits Times on August 07, 2018, with the headline 'SingHealth breach work of a typical state-linked group'.