Singapore’s top universities hit by sophisticated cyber-attacks

The attacks, the first of such sophistication to hit the National University of Singapore (NUS) and Nanyang Technological University (NTU), were detected on April 11 and 19 respectively. — TODAY file pic
The attacks, the first of such sophistication to hit the National University of Singapore (NUS) and Nanyang Technological University (NTU), were detected on April 11 and 19 respectively. — TODAY file pic

SINGAPORE, May 12 — Two of Singapore’s top universities have been hit by sophisticated cyber-attacks aimed at stealing research and government-related information, the authorities announced today.

The attacks, the first of such sophistication to hit the National University of Singapore (NUS) and Nanyang Technological University (NTU), were detected on April 11 and 19 respectively.

The Cyber Security Agency of Singapore (CSA) described the breaches as the work of “advanced persistent threat actors”.

“They are carefully planned and are not the work of casual hackers. The objective may be to steal information related to government or research,” the agency said in a statement.

The agency and the universities did not identify the hackers, or the source from which the attacks originated.

There was no evidence that the hackers were targeting students, said the CSA.

At a media briefing, CSA chief executive David Koh said: “We know who did it, and we know what they were after. But I cannot reveal this for operational security reasons.”

In separate statements, the two universities said they have heightened cyber security measures since the attacks, and that their daily IT operations are unaffected.

However, they gave no details about the scale of the attack or whether the hackers were successful in stealing sensitive information. It is also unclear if any ongoing projects might have been compromised.

The CSA said the hackers’ activities “appear to be limited”, noting that “the universities’ systems are separate from government IT systems”.

Stepped up checks on the networks of other universities, as well as those belonging to the government and other critical sectors, have turned up no sign of suspicious activity, thus far.

The agency added: “The daily operations of both universities, including critical IT systems such as student admissions and examinations databases, were not affected.

“CSA, (the Education Ministry), and the universities will not be able to provide further details about the incident as this could impact the effectiveness of additional defensive and preventive measures being put in place by both universities.”

The two universities said they detected the attacks during checks on their IT networks.

External consultants were conducting tests on NUS’ IT systems on April 11 when they detected “unusual activity”, which subsequent investigations revealed to be a cyber attack.

“Immediate action” was taken to isolate the affected desktop computers and servers, NUS said in its statement. It did not elaborate.

NTU said it detected “intrusions” during routine checks on its IT networks on April 19. The university then sought support from the CSA to track down the affected machines, which it said included “shared personal computers and front-end workstations”.

The affected machines were immediately replaced, said NTU, adding that it will step up efforts to remind staff and students about the importance of cyber-security.

Noting that the two universities had discovered the malicious activities through their own regular checks and called in CSA, Koh said: “We urge all private institutions to be vigilant and through this way secure all our systems. Attackers are not just targeting government systems, but are looking for any kind of network remotely connected to the government, so private organisations need to be on the lookout.” — TODAY