Cyber attack work of group linked to foreign governments
The cyber attack in Singapore that led to the leak of 1.5 million SingHealth patients' personal data was the work of an "advanced persistent threat" group typically linked to foreign governments, Parliament heard yesterday.
Advanced persistent threats (APTs) are stealthy and continuous computer hacking processes to gain intelligence or steal information.
"This refers to a class of sophisticated cyber attackers, typically state-linked, who conduct extended, carefully planned cyber campaigns to steal information or disrupt operations," said Minister for Communications and Information S. Iswaran, responding to 19 questions filed by MPs.
"The APT group that attacked SingHealth was persistent in its efforts to penetrate and anchor itself in the network, bypass the security measures, and illegally access and exfiltrate data," said Mr Iswaran, who is also Minister-in-charge of Cyber Security.
He noted that the attack fits the profile of certain known APT groups.
For national security reasons, he did not identify the attacker or speculate on the motives when asked by Dr Chia Shi-Lu (Tanjong Pagar GRC).
"We have done everything in our means to secure the system to detect any residual risk and eliminate it," said Mr Iswaran.
He has already convened a Committee of Inquiry to get to the bottom of what went wrong.
Last Friday, the 11 critical service sectors in Singapore were told to strengthen the security around their network connectivity gateways to prevent data leakage, even as the Government lifted the pause on new Smart Nation projects that was imposed after the recent data breach at SingHealth.
The Cyber Security Agency's forensic investigations team has extracted the pieces of forensic data used to identify the malicious activities and has instructed owners of critical information infrastructure to scan for them.
APT attacks are not new to Singapore. For instance, the attacks on the National University of Singapore and Nanyang Technological University, discovered in April last year, were also performed by APT groups aimed at stealing government and research data. - IRENE THAM
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now
