You are here
NUS, NTU hit by cyber-attacks looking to steal government and research data
BREACHES to the IT systems of the National University of Singapore (NUS) and Nanyang Technological University (NTU) were detected in April and the objective of these cyber-attacks was to steal government information and research documents.
In a statement on Friday, David Koh, chief executive of the Cyber Security Agency (CSA), said: "We know who did it, and we know what they were after." Mr Koh, however, added that the details cannot be revealed for "operational security reasons".
Based on investigations, both universities were hit by APT (advanced persistent threat) attacks. These attacks are carefully planned and are not the work of casual hackers. The objective of an APT attack is usually to steal information related to the government or research.
While Singapore has faced APT attacks before, this is the first time such an attack has been directed towards an educational institution. CSA has alerted other autonomous universities and various government agencies to increase cyber controls.
Intrusions into NTU's networks were detected when the university ran its regular checks on its systems on April 19. NUS detected an unauthorised intrusion into its IT systems on April 11, during cybersecurity assessments by external consultants who had been engaged to strengthen its cyber defence.
According to the CSA, there is no evidence that information or data related to students were being targeted. The daily operations of both universities, including critical IT systems such as student admissions and examinations databases, were also not affected. Both universities have increased vigilance and adopted additional security measures beyond those already in place.