The government of Singapore says attackers responsible for a recent breach, largely being called the country’s worst in history, are likely inked to a state-backed advanced persistent threat group.
S. Iswaran, Singapore’s minister of communications and information, said in a statement to the country’s parliament Monday that a government analysis of the attack shows that it is the work of known state-linked threat actors. Iswaran stopped short of naming the APT group in question, citing “national security reasons.”
“The APT group that attacked SingHealth was persistent in its efforts to penetrate and anchor itself in the network, bypass the security measures, and illegally access and exfiltrate data,” Iswaran said in a statement.
According to the AFP news agency, third-party security researchers had already indicated that the attack was linked to state-backed hackers. Iswaran’s remarks shed more light on the perceived sophistication behind the attack, albeit without attribution.
Singapore initially announced the attack on July 20, Reuters reported. The personal information of 1.5 million patients of SingHealth, a national group of health care institutions, including that of Prime Minister Lee Hsien Loong. Additionally, the hackers made off with the outpatient dispensed medication records of 160,000 patients. But for the rest, the stolen data did not include medical records.
According to Iswaran, between June 27 and July 4, the hackers infected a computer on SingHealth’s network and “stealthily” made their way to servers hosting the records that were eventually stolen.
“The attacker used advanced and sophisticated tools, including customised malware that was able to evade SingHealth’s anti-virus software and security tools. After establishing a foothold in the network, the attacker took steps to remain in the system undetected, before stealing the patients’ information,” Iswaran said.
The government has set up a four-person inquiry panel to further investigate the incident. In addition, consulting firm PricewaterhouseCoopers (PWC) and the Singapore Cyber Security Agency are working to mitigate any lingering security issues in the systems that were compromised, according to Reuters.
Singapore is seen as a leader among its Southeast Asian neighbors in cybersecurity, investing heavily in the field. For the island nation of roughly 5.7 million people, the number affected by the breach reflects a more than quarter of the population.
“We will do our utmost to strengthen our cybersecurity. But it is impossible to completely eliminate the risk of another cyber-attack. This is an ongoing battle with potential cyber attackers who are constantly developing their capabilities and seeking out new vulnerabilities,” Iswaran said.