Chinese state-sponsored hackers allegedly breach SingTel in global telecommunications attacks

In a confidential investigation disclosed by Bloomberg, Singapore Telecommunications Ltd (SingTel), the largest mobile carrier in Singapore, was reportedly breached by Chinese state-sponsored hackers this summer.

The attackers, identified as Volt Typhoon, allegedly infiltrated SingTel’s systems as part of a wider effort to compromise telecommunications infrastructure worldwide, with potential motives ranging from espionage to strategic disruption, according to two individuals familiar with the incident who spoke on condition of anonymity.

The breach of SingTel follows a pattern of Chinese cyber intrusions into critical telecommunications networks, with particular focus on US operators. Officials in the United States have flagged similar breaches involving another Chinese-linked group, Salt Typhoon.

Recent reports from the Wall Street Journal noted that Salt Typhoon allegedly accessed US telecommunications systems used for court-authorised network wiretapping by AT&T Inc and Verizon Communications Inc.

These intrusions have raised significant national security concerns, as such access could potentially enable surveillance on high-profile individuals and government officials.

In addition to recent breaches, there has been a longer-standing campaign by Chinese-linked threat actors targeting internet-facing systems globally.

According to SecurityWeek, a cluster of Chinese-linked threat actors that includes Volt Typhoon has exploited multiple vulnerabilities in Sophos devices, specifically edge devices and firewall infrastructure, since as early as 2018.

In a recent statement, the FBI appealed for public assistance to identify those behind this campaign, which includes other prominent groups like APT41 and APT31, along with Volt Typhoon.

This ongoing series of attacks has involved exploiting zero-day vulnerabilities, including CVE-2020-12271, to gain root-level access on compromised devices. In April 2020, Sophos reported that the Asnarök malware had been deployed on its XG Firewalls, prompting a coordinated takedown of the malware’s server.

Sophos, a British security firm, revealed last week that these threat groups have been targeting its devices as part of a multi-year campaign.

The company disclosed that it has developed custom tools to monitor the attackers’ tactics, techniques, and procedures (TTPs), deploying an implant to track the attackers’ activities.

While Sophos has not released information on specific organisations affected by these attacks, the FBI indicated that both private companies and government entities had been targeted.

To further assist in tracking down these attackers, the FBI has called on individuals with knowledge of the hackers’ identities to come forward. In coordination with the UK’s National Cyber Security Centre, the FBI has released technical details on “Pygmy Goat,” a sophisticated backdoor malware discovered in compromised Sophos XG firewalls.

A spokesperson for China’s Embassy in Washington, Liu Pengyu, responded to the allegations without addressing specifics but reiterated that China opposes all forms of cyber attacks and cybertheft. The Chinese government has long denied allegations of state-sponsored hacking, though cyber intelligence experts maintain that China remains one of the most prolific state actors in cyber espionage.

General Timothy Haugh, director of the US National Security Agency (NSA), commented on the severity of recent telecom attacks, noting in October that the current investigations into these incidents are still in their early stages.

Following these breaches, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) identified specific malicious activity linked to Chinese actors, and provided direct technical assistance to affected companies.

Security analysts have expressed concern over the potential long-term impacts of these breaches, emphasising the possibility of state-sponsored actors embedding themselves within critical infrastructure with the capacity to later trigger disruptions or gather intelligence.

Retired General Paul Nakasone, former NSA director, recently highlighted the significant challenge that these groups pose, describing the increasing scale and complexity of attacks by both Volt and Salt Typhoon.

Chinese state-sponsored hackers have been active in cyber operations for years, including prominent incidents such as the 2015 breach of the US Office of Personnel Management.

However, officials warn that these recent breaches point to a strategy beyond espionage, one potentially aimed at positioning China to disrupt or control critical infrastructure in case of heightened geopolitical tensions.

The ramifications of such access, security experts caution, could extend far beyond immediate breaches, potentially affecting everything from data privacy to national security.
