Action Taken Following Breach of Two Universities' IT Networks

1           A breach of the IT networks of the Nanyang Technological University (NTU) and the National University of Singapore (NUS) was discovered last month.

2           Intrusions into NTU’s networks were detected when the university ran its regular checks on its systems on 19^th April. NUS detected an unauthorised intrusion into its IT systems on 11^th April, during cybersecurity assessments by external consultants who had been engaged to strengthen its cyber defence.

3           In each instance, NTU and NUS promptly alerted the Cyber Security Agency of Singapore (CSA) who has been assisting the affected universities to conduct forensic investigations to understand the nature and extent of these attacks. CSA is also assisting with incident response and immediate measures to mitigate potential impact.  At both NTU and NUS, affected desktop computers and workstations were quickly isolated, removed and replaced. CSA is working closely with the universities in on-going investigations.

4           Based on investigations, both the attacks were the work of Advanced Persistent Threat (APT) actors. They are carefully planned and are not the work of casual hackers. The objective may be to steal information related to government or research. There is no evidence that information or data related to students was being targeted. However, as the universities’ systems are separate from government IT systems, the extent of the APTs’ activities appear to be limited. The daily operations of both universities, including critical IT systems such as student admissions and examinations databases, were not affected. Nonetheless, NUS and NTU have increased vigilance, and adopted additional security measures beyond those already in place.

5           CSA’s Singapore Computer Emergency Response Team (SingCERT) has reached out to the other Autonomous Universities (AUs) and also informed our Critical Information Infrastructure (CII) Sectors and the government sector to step up monitoring and checks on their networks. There has been no sign of suspicious activity in CII networks or government networks thus far.

6           CSA, MOE and the universities will not be able to provide further details about the incident as this could impact the effectiveness of additional defensive and preventive measures being put in place by both universities.

7           Organisations and managed service providers are encouraged to proactively monitor and check their IT networks regularly for signs of malicious activity. They should contact SingCERT at 6323 5052 or via email at singcert@csa.gov.sg if they require any assistance.

About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.

About the Ministry of Education

The Ministry of Education (MOE) formulates and implements education policies on education structure, curriculum, pedagogy, and assessment. It oversees the management and development of Government-funded schools, and the Institute of Technical Education, polytechnics and universities.

Please visit www.moe.gov.sg for more information.