No reason to believe Singapore was target in FireEye hack

There is no reason to believe that Singapore was a target of the recent high-profile hacking attack involving cyber-security company FireEye and software provider SolarWinds Corp, the authorities said late on Tuesday.

Even so, the Cyber Security Agency of Singapore (CSA) said that it sent out an advisory on Dec 9 for companies to disconnect affected cyber-security tools and update systems to protect against cyber criminals.

FireEye, one of the largest cyber-security companies in the US, said earlier this month that it was hacked in a state-sponsored attack. Its hacking tools, which are used to test the defences of its clients, were stolen in the process.

MALICIOUS CODE

The theft stems from malicious code injected by hackers into US-based SolarWinds' software that FireEye used, the cyber-security company said this week after conducting an investigation.

The software facilitates the monitoring of computer networks of businesses and governments for outages.

The malware, in the form of a software update, reportedly allowed hackers to spy on secure information at some of the top agencies in the US.

The attack on FireEye, which holds a range of contracts in the US and its allies, is among the most significant breaches in recent memory. The firm, which last month reported an all-time record revenue of US$238 million (S$316 million) for the third quarter of this year, provides services for international government agencies.

The company is a strategic partner of CSA, which oversees national cyber-security functions and protects Singapore's critical services.

CSA told The Straits Times that based on its understanding, the scope of the FireEye attack was limited and did not affect Singapore.

"Based on the information from FireEye, the attack was highly targeted, with the breach limited to FireEye's US offices. There has been no evidence to suggest that Singapore was or would be a target," it said.

Hackers had gained access through SolarWinds' software called Orion, using malware that was disguised as a software update.

In a public advisory on its website on Monday, the Singapore Computer Emergency Response Team (SingCert) advised organisations to disconnect or power down SolarWinds' Orion products from their networks immediately. SingCert is a unit of CSA.

"Administrators should also review the logs for suspicious activities, check connected systems for signs of compromise and persistence mechanisms, and reset credentials if necessary, especially ones used by or stored in SolarWinds software," said CSA.

"Administrators are also advised to monitor their networks and systems for any suspicious activities."

CSA said it has been in close contact with the US Cybersecurity and Infrastructure Security Agency, as well as FireEye. They have both provided CSA with more information, which the agency said has helped it to better issue advice on what preventive measures to take.