Similar Posts
SINGAPORE – Singapore Telecommunications Ltd., Singapore’s largest mobile carrier, was breached by Chinese state-sponsored hackers this summer as part of a broader campaign against telecommunications companies and other critical infrastructure operators around the world, according to two people familiar with the matter.
The previously undisclosed breach was discovered in June, and investigators believe it was pulled off by a hacking group known as Volt Typhoon, according to the two people, who asked not to be identified to discuss a confidential investigation.
Officials in the US, Australia, Canada, the UK and New Zealand – the “Five Eyes” intelligence-sharing alliance – warned earlier in 2024 that Volt Typhoon was embedding itself inside compromised IT networks to give China the ability to conduct disruptive cyberattacks in the event of a military conflict with the West.
The breach of Singtel, a carrier with operations throughout South-east Asia and Australia, was seen as a test run by China for further hacks against US telecommunications companies, and information from the attack has provided clues about the expanding scope of suspected Chinese attacks against critical infrastructure abroad, including in the US, the people said.
In an e-mailed response to queries from Bloomberg News, Singtel did not directly address questions about the alleged breach. “We understand the importance of network resilience, especially because we are a key infrastructure service provider,” the company said. “That’s why we adopt industry best practices and work with industry-leading security partners to continuously monitor and promptly address the threats that we face on a daily basis. We also regularly review and enhance our cybersecurity capabilities and defences to protect our critical assets from evolving threats.”
A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, said he was not aware of the specifics, as relayed by Bloomberg, but that in general, China firmly opposes and combats cyberattacks and cybertheft.
The US is currently battling its own suspected Chinese attacks of political campaigns and telecommunications companies. Officials have described the telecom breaches as one of the most damaging campaigns on record by suspected Chinese hackers and one that they are still seeking to fully understand and contain.
In the US telecommunications attacks, which investigators have attributed to another Chinese group called Salt Typhoon, AT&T Inc. and Verizon Communications Inc. are among those breached, and the hackers potentially accessed systems the federal government uses for court-authorised network wiretapping requests, the Wall Street Journal reported in early October.
US intelligence officials think the Chinese hacking group that Microsoft Corp. dubbed Salt Typhoon may have been inside US telecommunications companies for months and found a route into an access point for legally authorised wiretapping, according to a person familiar with their views.
AT&T declined to comment. Verizon did not respond to a request for comment.
Through those intrusions, the hackers are believed to have targeted the phones of former President Donald Trump, running mate JD Vance and Trump family members, as well as members of Vice-President Kamala Harris’ campaign staff and others, the New York Times has reported.
In the case of the alleged Singtel breach, one of the people familiar with that incident said the attack relied on a tool known as a web shell.
In August, researchers at Lumen Technologies Inc. said in a blog post they assessed with “moderate confidence” that Volt Typhoon had used such a web shell. A sample of the malware was first uploaded to VirusTotal, a popular site for security experts to research malicious code, on June 7 by an unidentified entity in Singapore, according to Lumen researchers.
The web shell allowed hackers to intercept and gather credentials to gain access to a customer’s network disguised as a bona fide user, they said.
The hackers then breached four US firms, including internet service providers, and another in India, according to Lumen researchers.
General Timothy Haugh, director of the National Security Agency, said in early October that the investigations into the latest telecommunications breaches were at an early stage. Later in October, the FBI and the Cybersecurity and Infrastructure Security Agency said they had identified specific malicious activity by actors affiliated with the Chinese government and immediately notified affected companies and “rendered technical assistance.”
A spokesperson for the National Security Council last week referred to the “ongoing investigation and mitigation efforts,” but directed further questions to the FBI and CISA.
Singtel uncovered the breach of its network after detecting suspicious data traffic in a core back-end router and finding what it believed was sophisticated, and possibly state-sponsored, malware on it, according to the other person familiar with the investigation.
The malware was in “listening” mode and didn’t appear to have been activated for espionage or any other purpose, the person said, adding that it reinforced a suspicion that the attack was either a test run of a new hacking capability or that its purpose was to create a strategic access point for future attacks.
There is evidence that Salt Typhoon reached the US at least as early as spring 2024, and possibly long before, and investigators tracking the group think it has infiltrated other telecommunications companies throughout Asia, including in Indonesia, Nepal, the Philippines, Thailand and Vietnam, according to two people familiar with those efforts.
The NSA has warned since 2022 that telecommunications infrastructure was vulnerable to Chinese hacking. Volt Typhoon has been active since at least mid-2020, having attacked sensitive networks in Guam and elsewhere in the US with a goal of burrowing into critical infrastructure and staying undetected for as long as possible.
The hacks by both Chinese Typhoon groups have alarmed Western officials and raised concerns about the number and severity of backdoors – a way to get around security tools and gain high-level access to a computer system – that China has placed inside critical IT systems. Those entry points could be used to conduct espionage or prepare the battlespace for use in a potential military conflict with the West.
Chinese hackers have long been accused of conducting espionage attacks against the US – including, most notably, the theft of security clearance applications for tens of millions of US government workers held by the Office of Personnel Management.
But officials say the latest hacks go a step further and in some cases suggest China may be amassing capabilities to disrupt or degrade critical services in the US and abroad.
Paul Nakasone, a retired general who led the NSA for nearly six years until February, told reporters in October that the latest telecommunications hacks by Salt Typhoon were distinguished by their scale, and that the two Chinese groups represent a tremendous challenge for the government. “I am not pleased in terms of where we’re at with either of the Typhoons,” he said. BLOOMBERG
WASHINGTON – A sophisticated breach of US telecommunications systems has extended to the presidential campaigns, raising questions about the group behind the attack and the extent of its efforts at collecting intelligence.
It was unclear what data was taken in the attack. The far-reaching operation has been linked to the Chinese government and attributed to a group experts call Salt Typhoon.
Investigators believe hackers took aim at a host of well-connected Americans, including the presidential candidates – reflecting the scope and potential severity of the hack.
Here’s what to know.
What is Salt Typhoon?
Salt Typhoon is the name Microsoft cybersecurity experts have given to a Chinese group suspected of using sophisticated techniques to hack into major systems – most recently, US telecommunication companies.
The moniker is based on Microsoft’s practice of naming hacking groups after types of weather – “typhoon” for hackers based in China, “sandstorm” for efforts by Iran and “blizzard” for operations mounted by Russia. A second term, in this case “salt,” is used to denote the type of hacking.
Experts say Salt Typhoon seems to be focused primarily on counterintelligence targets, unlike other hacking groups that may try to steal corporate data, money or other secrets.
What do US officials think Salt Typhoon has done?
National security officials have gathered evidence indicating the hackers were able to infiltrate major telecom companies, including but not limited to Verizon.
The New York Times reported on Oct 25 that among the phones targeted were devices used by former President Donald Trump and his running mate, Senator JD Vance of Ohio. The effort is believed to be part of a wide-ranging intelligence-collection effort that also took aim at Democrats, including staff members of both Vice President Kamala Harris’ campaign and Senator Chuck Schumer of New York, the majority leader.
How serious is this hacking?
National security officials are still scrambling to understand the severity of the breach, but they are greatly concerned if, as it appears, hackers linked to Chinese intelligence were able to access US cellphone and data networks. Such information can provide a wealth of useful intelligence to a foreign adversary like China.
To some degree, the breach represents a continuation of data collection on the types of targets that spies have been gathering for decades. In this instance, however, the sheer quantity and quality of the information Salt Typhoon may have gained access to could put the intrusion into its own category, and suggests that US data networks are more vulnerable than officials realised.
What did the hackers get?
At this stage, that is still unclear. One major concern among government officials is whether the group was able to observe any court-ordered investigative work, such as Foreign Intelligence Surveillance Act collection – a highly secretive part of American efforts to root out spies and terrorists.
No one has suggested yet that the hackers were able to essentially operate inside individual targets’ phones. The more immediate concern would be if they were able to see who was in contact with candidates and elected officials, and how often they spoke and for how long. That kind of information could help any intelligence agency understand who is close to senior decision-makers in the government.
People familiar with the investigation say it is not yet known if the hackers were able to gain access to that kind of information; investigators are reasonably confident that the perpetrators were focused on specific phone numbers associated with presidential campaigns, senior government leaders, their staff members and others.
Like the weather, hacking is never really over, and the Salt Typhoon breach may not be over either. It is also possible that the United States may never learn precisely what the hackers got. NYTIMES
A child in California has become the first in the United States to test positive for bird flu infection, authorities said on Nov 22, as health officials offered checks and preventive treatment to exposed contacts at the child’s day-care centre.
The child, from Alameda County in the San Francisco Bay area, had mild symptoms and was said to be recovering at home following treatment with flu antivirals, according to the US Centres for Disease Control and Prevention (CDC) and the California Department of Public Health (CDPH).
As a precaution, close family members of the child were tested, with all results coming back negative.
Local officials have also contacted caregivers and families at the day-care facility, where the child showed mild symptoms before testing positive.
Chinese hackers preparing for conflict, says US cyber official
Chinese hackers are positioning themselves in US critical infrastructure IT networks for a potential clash with the United States, a top American cybersecurity official said on Nov 22.
Ms Morgan Adamski, executive director of US Cyber Command, said Chinese-linked cyber operations are aimed at gaining an advantage in case of a major conflict with the US.
Officials have warned that China-linked hackers have compromised IT networks and taken steps to carrying out disruptive attacks in the event of a conflict.
Ukraine to step up air defence development after missile ‘test’
President Volodymyr Zelensky said on Nov 22 that Ukraine was working on developing new types of air defence to counter “new risks” following Russia’s deployment of a new medium-range missile in the 33-month war.
Mr Zelensky, in his nightly video address, said testing a new weapon for purposes of terror in another country was an “international crime” and issued a new call for a world-wide “serious response” to keep Russia from expanding the war.
He was speaking a day after Russia fired a new intermediate-range weapon – called Oreshnik (hazel tree) – into Ukraine for the first time. Ukraine said the missile reached a top speed of more than 13,000kmh and took about 15 minutes to reach its target from its launch.
Americans say you need a $364,000 salary to be ‘successful’
The price of success? About US$270,000 (S$364,000) a year.
That is the annual salary it takes to be considered financially successful, according to a survey released on Nov 22 by financial services company Empower. The hurdle for net worth is US$5.3 million, according to respondents.
Those numbers are well beyond the reach of most Americans.
New Ultimate Championship will be athletics ‘gamechanger’
World Athletics president Sebastian Coe said on Nov 22 the new Ultimate Championship team event, officially unveiled by the sport’s governing body, would be a “gamechanger” for track and field.
The inaugural event will be held in Budapest on Sept 11-13, 2026, and it will be staged every two years to fulfil World Athletics’ ambition of holding a global championship every year.
The federation said the event would provide “a spectacular conclusion to the summer athletics season, in the years where there is no World Athletics Championships”.
WASHINGTON – Members of former U.S. President Donald Trump’s family and officials from the Biden administration were among those targeted by China-linked hackers who were able to break into telecommunications company systems, the New York Times reported on Tuesday, citing people familiar with the matter.
The Times said State Department officials, Trump family members including Eric Trump and Jared Kushner, and prominent Democrats including Senate majority leader Chuck Schumer were among those targeted by the spies.
Concerns about the hacking group have grown since media reports disclosed its activities last month.
On Oct. 6, the Wall Street Journal reported that the group, nicknamed “Salt Typhoon”, had accessed the networks of broadband providers and obtained information from systems the federal government uses for court-authorized wiretapping.
The State Department, as well as aides for Trump family members, did not immediately respond to Reuters’ questions. The White House, the National Security Agency, and the cybersecurity watchdog agency CISA did not immediately return messages. A Schumer aide did not immediately reply to an email. The Chinese Embassy in Washington did not immediately respond to an email, although Beijing routinely denies being behind cyberespionage campaigns. REUTERS
HELSINKI – A fibre optic communications cable linking Finland and Germany along the seabed has stopped working and may have been severed by an outside force, Finnish state-controlled cyber security and telecoms network company Cinia said on Monday.
The 1,200 km (745 miles) C-Lion1 cable running through the Baltic Sea from Finland’s capital Helsinki to the German port of Rostock malfunctioned just after 0200 GMT, the company said.
The sudden outage implied that the cable was completely severed by an outside force, although a physical inspection has not yet been conducted, Cinia’s Chief Executive Ari-Jussi Knaapila told a press conference.
The damage occurred near the southern tip of Sweden’s Oland island and could typically take between five and 15 days to repair, he added.
Cinia said it was working with authorities to investigate the incident.
Last year a subsea gas pipeline and several telecoms cables running along the bottom of the Baltic Sea were severely damaged in an incident raising alarm bells in the region.
Finnish police investigating the 2023 case have named a Chinese container ship believed to have dragged its anchor as a prime suspect, but have not said whether the damage was believed to be accidental or done with intention.
In 2022 the Nord Stream gas pipelines linking Russia to Germany in the Baltic Sea were destroyed by explosions in a case that remains under investigation by German authorities. REUTERS
PETALING JAYA – The National Cyber Security Agency (Nacsa) says it is currently investigating reports alleging that the MyKad, or Malaysian identity card, data of 17 million Malaysians has been leaked and is being sold on the dark web.
“We understand this is a concerning issue for the public and want to assure you that we are taking it very seriously,” said a spokesperson in a statement issued Dec 4 to LifestyleTech.
“Our experts are investigating the situation thoroughly to verify the authenticity of these claims and assess the extent of any potential compromise.
“Nacsa is committed to safeguarding personal data and will take necessary action based on our findings.”
Dark web threat intelligence firm StealthMole first highlighted the issue on Dec 3 on X, stating that threat actors claim to be in possession of MyKad data belonging to 17 million Malaysians and are offering it up for sale on the dark web.
“As proof, they have publicly shared samples of Malaysian ID cards on the dark web,” the company wrote in the post.
“This massive data breach raises concerns as it could lead to serious crimes like identity theft and financial fraud.”
Nacsa said it will provide updates as more information becomes available while also urging the public to “avoid spreading unconfirmed reports and only refer to verified information from the authorities”.
It further advises monitoring bank accounts and credit reports for suspicious activity, remaining cautious of unsolicited communications, refraining from clicking on links or opening attachments from unknown senders, using strong passwords, keeping software up to date, and practising good cyber hygiene. THE STAR/ASIA NEWS NETWORK