
Chinese state-sponsored hackers allegedly breach SingTel in global telecommunications attacks

Bloomberg reports that Chinese state-backed hackers, identified as Volt Typhoon, breached SingTel’s network this summer. The attack aligns with a wider campaign targeting global telecom infrastructure, allegedly to create strategic access points for potential future disruptions.


In a confidential investigation disclosed by Bloomberg, Singapore Telecommunications Ltd (SingTel), the largest mobile carrier in Singapore, was reportedly breached by Chinese state-sponsored hackers this summer.

The attackers, identified as Volt Typhoon, allegedly infiltrated SingTel’s systems as part of a wider effort to compromise telecommunications infrastructure worldwide, with potential motives ranging from espionage to strategic disruption, according to two individuals familiar with the incident who spoke under the condition of anonymity.

The alleged breach of SingTel follows a pattern of Chinese cyber intrusions into critical telecommunications networks, with particular focus on US operators. Officials in the United States have flagged similar breaches involving another Chinese-linked group, Salt Typhoon.

According to a SingTel spokesperson, “Like any other large organisation and key infrastructure provider around the world, we are constantly probed.”

“Singtel wishes to clarify that malware was detected in June, which was subsequently dealt with and reported to relevant authorities. There was no data exfiltrated and no impact on services. However, we cannot confirm or ascertain if this is the exact same event listed in the Bloomberg article, with the cited threat actors and intended targets. We do not comment on speculation. Singtel conducts regular malware sweeps as part of its cyber posture.”

The spokesperson further added, “Network resilience remains critical to our business, and we adopt industry best practices and work with leading security partners to continuously monitor and address the threats that we face on a daily basis. We also regularly review and enhance our cybersecurity capabilities and defences to protect our critical assets from evolving threats.”

Recent reports from the Wall Street Journal noted that Salt Typhoon allegedly accessed US telecommunications systems used for court-authorised network wiretapping by AT&T Inc and Verizon Communications Inc.

These intrusions have raised significant national security concerns, as such access could potentially enable surveillance on high-profile individuals and government officials.

In addition to recent breaches, there has been a longer-standing campaign by Chinese-linked threat actors targeting internet-facing systems globally.

According to SecurityWeek, a cluster of Chinese-linked threat actors, including Volt Typhoon, has exploited multiple vulnerabilities in Sophos devices, specifically edge devices and firewall infrastructure, since as early as 2018.

In a recent statement, the FBI appealed for public assistance to identify those behind this campaign, which includes other prominent groups like APT41 and APT31, along with Volt Typhoon.

This ongoing series of attacks has involved exploiting zero-day vulnerabilities, including CVE-2020-12271, to gain root-level access on compromised devices. In April 2020, Sophos reported that the Asnarök malware had been deployed on its XG Firewalls, prompting a coordinated takedown of the malware’s server.

Sophos, a British security firm, revealed last week that these threat groups have been targeting its devices as part of a multi-year campaign.

The company disclosed that it has developed custom tools to monitor the attackers’ tactics, techniques, and procedures (TTPs), deploying an implant to track the attackers’ activities.

While Sophos has not released information on specific organisations affected by these attacks, the FBI indicated that both private companies and government entities had been targeted.

To further assist in tracking down these attackers, the FBI has called on individuals with knowledge of the hackers’ identities to come forward. In coordination with the UK’s National Cyber Security Centre, the FBI has released technical details on “Pygmy Goat,” a sophisticated backdoor malware discovered in compromised Sophos XG firewalls.

A spokesperson for China’s Embassy in Washington, Liu Pengyu, responded to the allegations without addressing specifics but reiterated that China opposes all forms of cyber attacks and cybertheft. The Chinese government has long denied allegations of state-sponsored hacking, though cyber intelligence experts maintain that China remains one of the most prolific state actors in cyber espionage.

General Timothy Haugh, director of the US National Security Agency (NSA), commented on the severity of recent telecom attacks, noting in October that the current investigations into these incidents are still in their early stages.

Following these breaches, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) identified specific malicious activity linked to Chinese actors, and provided direct technical assistance to affected companies.

Security analysts have expressed concern over the potential long-term impacts of these breaches, emphasising the possibility of state-sponsored actors embedding themselves within critical infrastructure with the capacity to later trigger disruptions or gather intelligence.

Retired General Paul Nakasone, former NSA director, recently highlighted the significant challenge that these groups pose, describing the increasing scale and complexity of attacks by both Volt and Salt Typhoon.

Chinese state-sponsored hackers have been active in cyber operations for years, including prominent incidents such as the 2015 breach of the US Office of Personnel Management.

However, officials warn that these recent breaches point to a strategy beyond espionage, one potentially aimed at positioning China to disrupt or control critical infrastructure in case of heightened geopolitical tensions.

The ramifications of such access, security experts caution, could extend far beyond immediate breaches, potentially affecting everything from data privacy to national security.

Update: Included response from Singtel on alleged breach
