• Office Hours : 08:00 - 17:30

Whitefly behind Singapore’s worst online attack

In the 12 months leading up to mid-2018, Singapore experienced a series of data breaches which has now been termed the city state’s worst cyberattack in history. While its government published a report in January 2019 detailing the process and impact, a recent US report has officially declared state-sponsored espionage group Whitefly as the criminals behind the hack.

Symantec, a cybersecutity firm based in the USA, revealed that its findings were in line with the Singaporean government’s deductions, and although it strongly believed Whitefly was supported by a nation state, it could not “say for certain by whom the group is funded or from whom they take direction.”

The attack involved the theft of 1.5 million Singaporean citizens’ medical health information from the country’s largest healthcare records system, SingHealth, including that of its prime minister, Lee Hsien Loong. In addition to patient records, addresses and national identity numbers were also stolen.

Beyond this, however, Symantec stated that numerous other cyberattacks in Singapore had been carried out over the year-long period, targeting other multinational corporations with operations across the city.

It also believed that Whitefly had stolen data from other telecommunications, defence and energy businesses in Russia and South East Asia, and a British hospitality firm.

But due to the variety of institutions targeted and the range of hacking tools utilised as part of Whitefly’s strategy, it appears as though the cyberattack was fuelled by a broader agenda to ascertain information.

The report states: “It now appears that the SingHealth breach was not a one-off attack and was instead a part of a wider pattern of attacks against organisations in the region.

“Links with attacks in other regions also present the possibility that it may be part of a broader intelligence gathering operation.”

The Cyber Security Agency of Singapore (CSA) has declined to make a comment on Symantec’s report, stating that: “This is an independent investigation report by a commercial entity.”

See the original article here: Cybersecuritynews.co.uk