Iranian hackers targeted Singapore universities
Syndicate linked to Iranian government breached 52 staff accounts and also tried to hack into more than 300 universities worldwide
Four Singapore universities were attacked by an Iranian hacking syndicate that is believed to have pilfered more than 31 terabytes of academic data and intellectual property from varsities across the world.
There was a breach of 52 staff accounts across Nanyang Technological University (NTU), National University of Singapore (NUS), Singapore Management University and Singapore University of Technology and Design, said the Cyber Security Agency (CSA) of Singapore and Ministry of Education (MOE) yesterday.
The nine Iranians allegedly responsible have been charged in the US for attempting to hack into 144 US and 176 foreign universities across 21 countries - including those in Singapore - at the behest of the Iranian government, the US Department of Justice said in a March 23 statement.
The CSA said it received information on the breach in the user accounts of the local universities last week and alerted the MOE and the institutions.
"The universities have stepped up their vigilance and users have been advised to change their passwords immediately," the agencies told The Straits Times.
The CSA also said the incident did not appear to be linked to last year's cyber attacks on the NUS and NTU networks, and "at this time" there was no evidence that sensitive information had been breached.
Based on investigations, the incident was a phishing attack where staff were directed to a credential harvesting website to key in their login details.
The credentials were then used to gain unauthorised access to the institutes' library website to obtain research articles published by the staff, said the agencies.
Among the accounts affected were those of faculty members. The four universities said measures such as resetting of passwords and scanning of affected computers were carried out following the alert.
Internal investigations are also ongoing as the institutes continue to work with the authorities on the matter.
Charges against the Iranians, which were made public on March 23, include several counts of identity theft, fraud and conspiracy to commit computer intrusions.
The group is also accused of being linked to the Mabna Institute, an Iran-based company that has conducted a coordinated campaign of cyber intrusions into computer systems since 2013, the US Department of Justice said in a statement.
Data from all fields of research and academic disciplines, such as science and technology, engineering, medical and social sciences, were targeted in what US court papers termed the "University Hacking Campaign".
The campaign, which took place from 2013 to 2017, targeted over 100,000 accounts of professors worldwide. About half of those targeted were at US-based universities.
About 8,000 professor accounts worldwide were compromised, of which 3,768 belonged to academics in US-based universities, said the court papers.
The data and compromised account details were then allegedly used to benefit the Iranian government, specifically the Islamic Revolutionary Guard Corps, and other Iranian customers, including Iran-based universities, the US Justice Department said.
The identities of the hackers involved in the previous attacks on NUS and NTU last April have not been revealed, but they were believed to have infiltrated the networks to steal government-related information.