SINGAPORE – Singapore Telecommunications Ltd., Singapore’s largest mobile carrier, was breached by Chinese state-sponsored hackers this summer as part of a broader campaign against telecommunications companies and other critical infrastructure operators around the world, according to two people familiar with the matter.

The previously undisclosed breach was discovered in June, and investigators believe it was pulled off by a hacking group known as Volt Typhoon, according to the two people, who asked not to be identified to discuss a confidential investigation.

Officials in the US, Australia, Canada, the UK and New Zealand – the “Five Eyes” intelligence-sharing alliance – warned earlier in 2024 that Volt Typhoon was embedding itself inside compromised IT networks to give China the ability to conduct disruptive cyberattacks in the event of a military conflict with the West.

The breach of Singtel, a carrier with operations throughout South-east Asia and Australia, was seen as a test run by China for further hacks against US telecommunications companies, and information from the attack has provided clues about the expanding scope of suspected Chinese attacks against critical infrastructure abroad, including in the US, the people said.

In an e-mailed response to queries from Bloomberg News, Singtel did not directly address questions about the alleged breach. “We understand the importance of network resilience, especially because we are a key infrastructure service provider,” the company said. “That’s why we adopt industry best practices and work with industry-leading security partners to continuously monitor and promptly address the threats that we face on a daily basis. We also regularly review and enhance our cybersecurity capabilities and defences to protect our critical assets from evolving threats.”

A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, said he was not aware of the specifics, as relayed by Bloomberg, but that in general, China firmly opposes and combats cyberattacks and cybertheft.

The US is currently battling its own suspected Chinese attacks of political campaigns and telecommunications companies. Officials have described the telecom breaches as one of the most damaging campaigns on record by suspected Chinese hackers and one that they are still seeking to fully understand and contain. 

In the US telecommunications attacks, which investigators have attributed to another Chinese group called Salt Typhoon, AT&T Inc. and Verizon Communications Inc. are among those breached, and the hackers potentially accessed systems the federal government uses for court-authorised network wiretapping requests, the Wall Street Journal reported in early October.

US intelligence officials think the Chinese hacking group that Microsoft Corp. dubbed Salt Typhoon may have been inside US telecommunications companies for months and found a route into an access point for legally authorised wiretapping, according to a person familiar with their views.

AT&T declined to comment. Verizon did not respond to a request for comment.

Through those intrusions, the hackers are believed to have targeted the phones of former President Donald Trump, running mate JD Vance and Trump family members, as well as members of Vice-President Kamala Harris’ campaign staff and others, the New York Times has reported.

In the case of the alleged Singtel breach, one of the people familiar with that incident said the attack relied on a tool known as a web shell. 

In August, researchers at Lumen Technologies Inc. said in a blog post they assessed with “moderate confidence” that Volt Typhoon had used such a web shell. A sample of the malware was first uploaded to VirusTotal, a popular site for security experts to research malicious code, on June 7 by an unidentified entity in Singapore, according to Lumen researchers.

The web shell allowed hackers to intercept and gather credentials to gain access to a customer’s network disguised as a bona fide user, they said.

The hackers then breached four US firms, including internet service providers, and another in India, according to Lumen researchers.

General Timothy Haugh, director of the National Security Agency, said in early October that the investigations into the latest telecommunications breaches were at an early stage. Later in October, the FBI and the Cybersecurity and Infrastructure Security Agency said they had identified specific malicious activity by actors affiliated with the Chinese government and immediately notified affected companies and “rendered technical assistance.”

A spokesperson for the National Security Council last week referred to the “ongoing investigation and mitigation efforts,” but directed further questions to the FBI and CISA. 

Singtel uncovered the breach of its network after detecting suspicious data traffic in a core back-end router and finding what it believed was sophisticated, and possibly state-sponsored, malware on it, according to the other person familiar with the investigation.

The malware was in “listening” mode and didn’t appear to have been activated for espionage or any other purpose, the person said, adding that it reinforced a suspicion that the attack was either a test run of a new hacking capability or that its purpose was to create a strategic access point for future attacks.

There is evidence that Salt Typhoon reached the US at least as early as spring 2024, and possibly long before, and investigators tracking the group think it has infiltrated other telecommunications companies throughout Asia, including in Indonesia, Nepal, the Philippines, Thailand and Vietnam, according to two people familiar with those efforts.

The NSA has warned since 2022 that telecommunications infrastructure was vulnerable to Chinese hacking. Volt Typhoon has been active since at least mid-2020, having attacked sensitive networks in Guam and elsewhere in the US with a goal of burrowing into critical infrastructure and staying undetected for as long as possible. 

The hacks by both Chinese Typhoon groups have alarmed Western officials and raised concerns about the number and severity of backdoors – a way to get around security tools and gain high-level access to a computer system – that China has placed inside critical IT systems. Those entry points could be used to conduct espionage or prepare the battlespace for use in a potential military conflict with the West.

Chinese hackers have long been accused of conducting espionage attacks against the US – including, most notably, the theft of security clearance applications for tens of millions of US government workers held by the Office of Personnel Management.

But officials say the latest hacks go a step further and in some cases suggest China may be amassing capabilities to disrupt or degrade critical services in the US and abroad.

Paul Nakasone, a retired general who led the NSA for nearly six years until February, told reporters in October that the latest telecommunications hacks by Salt Typhoon were distinguished by their scale, and that the two Chinese groups represent a tremendous challenge for the government. “I am not pleased in terms of where we’re at with either of the Typhoons,” he said. BLOOMBERG

LONDON – Mirror Group Newspapers (MGN) is facing 101 phone-hacking lawsuits from public figures including actors Kate Winslet, Sean Bean and Gillian Anderson and the estate of late Australian cricketer Shane Warne, London’s High Court heard on Nov 20.

The publisher of the Daily Mirror, Sunday Mirror and Sunday People tabloids – which is owned by Reach – has been entangled in litigation for more than a decade over alleged phone hacking and other unlawful information gathering.

MGN had accepted that some unlawful information gathering took place at its newspapers in the early 2000s, before Prince Harry and three others went to trial in 2023.

Harry, the younger son of King Charles, was awarded £140,600 (around S$238,000) after London’s High Court ruled the prince had been targeted by MGN journalists – the biggest win yet in his “mission” to purge the British press.

He accepted substantial damages from MGN to settle the remainder of his lawsuit, but vowed his mission would continue and a trial of his separate case against Rupert Murdoch’s British newspaper arm is due to begin in January.

When Harry largely won his case in December 2023, Reach also claimed victory as two other claimants’ cases were rejected as having been brought too late.

The company said the ruling meant cases brought after October 2020 were “likely to be dismissed other than where exceptional circumstances apply”.

MGN is, however, currently facing a total of 101 lawsuits brought by a number of people, including Prince Harry’s ex-girlfriend Chelsy Davy, the claimants’ lawyers said at a hearing on Nov 20.

The publisher asked for a trial to be heard in late 2025 to decide whether a sample of the 101 cases were brought too late, arguing it would likely prompt a settlement of the cases.

Judge Timothy Fancourt ruled that such a trial would accelerate other cases being resolved and said it was likely to take place in November 2025. REUTERS

HELSINKI – A fibre optic communications cable linking Finland and Germany along the seabed has stopped working and may have been severed by an outside force, Finnish state-controlled cyber security and telecoms network company Cinia said on Monday.

The 1,200 km (745 miles) C-Lion1 cable running through the Baltic Sea from Finland’s capital Helsinki to the German port of Rostock malfunctioned just after 0200 GMT, the company said.

The sudden outage implied that the cable was completely severed by an outside force, although a physical inspection has not yet been conducted, Cinia’s Chief Executive Ari-Jussi Knaapila told a press conference.

The damage occurred near the southern tip of Sweden’s Oland island and could typically take between five and 15 days to repair, he added.

Cinia said it was working with authorities to investigate the incident.

Last year a subsea gas pipeline and several telecoms cables running along the bottom of the Baltic Sea were severely damaged in an incident raising alarm bells in the region.

Finnish police investigating the 2023 case have named a Chinese container ship believed to have dragged its anchor as a prime suspect, but have not said whether the damage was believed to be accidental or done with intention.

In 2022 the Nord Stream gas pipelines linking Russia to Germany in the Baltic Sea were destroyed by explosions in a case that remains under investigation by German authorities. REUTERS

WASHINGTON – The woman who dubbed herself the “Crocodile of Wall Street” and “Razzlekhan” in rap videos was ordered to serve 18 months behind bars for helping her hacker husband launder cryptocurrency he stole from the Bitfinex exchange.

Heather Morgan, 34, was sentenced on Nov 18 in Washington federal court. Last week, her husband, Ilya Lichtenstein, got five years in prison for his role in the scheme, which stemmed from his 2016 hack of the exchange and the theft of Bitcoin currently worth billions of dollars. Both pleaded guilty last year.

Morgan wasn’t involved in the hack, and her husband said he recruited her to help hide the loot he’d stolen. They could have faced more prison time, but he agreed to aid the United States in other crypto prosecutions and she persuaded him to cooperate with the authorities.

The Verge, which called her “crypto’s most embarrassing rapper”, said she made crypto-themed rap videos under the name Razzlekhan. The whole story is expected to be immortalized in a Netflix documentary series and a film called Dutch & Razzlekhan, the tech news website said.

According to prosecutors, Morgan and Lichtenstein engaged in complex money-laundering techniques, including creating accounts under fictitious identities, moving the stolen proceeds in small amounts, and breaking up the trail of transactions by depositing and withdrawing funds from crypto exchanges and darknet markets. They purchased nonfungible tokens, gold and Walmart gift cards, court records show. 

At the time of the hack, the stolen Bitcoin was worth about US$71 million (S$95 million). Now it’s valued in the billions of dollars as the price of Bitcoin has surged from US$580 to more than US$90,000. The couple laundered 21 per cent of what was stolen in the Bitfinex hack, according to the government. BLOOMBERG

WASHINGTON – China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking in to an unspecified number of telecom companies, US authorities said on Nov 13.

The hackers compromised the networks of “multiple telecommunications companies” and stole US customer call records and communications from “a limited number of individuals who are primarily involved in government or political activity”, according to a joint statement released by the Federal Bureau of Investigation (FBI) and the US cyber watchdog agency CISA.

The two agencies said the hackers also copied “certain information that was subject to US law enforcement requests pursuant to court orders”.

The statement gave few other details, and the Cybersecurity and Infrastructure Security Agency immediately responded to a request for comment.

The FBI declined to comment.

The announcement confirms the broad outlines of previous media reports, especially those in the Wall Street Journal, that Chinese hackers were feared to have opened a back door into the interception systems used by law enforcement to surveil Americans’ telecommunications.

That, combined with reports that Chinese hackers had targeted telephones belonging to then-presidential and vice-presidential candidates Donald Trump and J.D. Vance, along with other senior political figures, raised widespread concern over the security of America’s telecommunications infrastructure.

The matter is already slated for investigation by the Department of Homeland Security’s Cyber Safety Review Board, which was set up to analyse the causes and fallout of major digital security incidents.

The Chinese Embassy in Washington did not immediately return a message seeking comment. Beijing routinely denies US hacking allegations. REUTERS