Action Taken Following Breach of Two Universities' IT Networks

12 May 2017

A breach of the IT networks of the Nanyang Technological University (NTU) and the National University of Singapore (NUS) was discovered last month.

Intrusions into NTU’s networks were detected when the university ran its regular checks on its systems on 19th April. NUS detected an unauthorised intrusion into its IT systems on 11th April, during cybersecurity assessments by external consultants who had been engaged to strengthen its cyber defence.

In each instance, NTU and NUS promptly alerted the Cyber Security Agency of Singapore (CSA) who has been assisting the affected universities to conduct forensic investigations to understand the nature and extent of these attacks. CSA is also assisting with incident response and immediate measures to mitigate potential impact.  At both NTU and NUS, affected desktop computers and workstations were quickly isolated, removed and replaced.  CSA is working closely with the universities in on-going investigations.

Based on investigations, both the attacks were the work of Advanced Persistent Threat (APT) actors. They are carefully planned and are not the work of casual hackers. The objective may be to steal information related to government or research. There is no evidence that information or data related to students was being targeted. However, as the universities’ systems are separate from government IT systems, the extent of the APTs’ activities appear to be limited. The daily operations of both universities, including critical IT systems such as student admissions and examinations databases, were not affected. Nonetheless, NUS and NTU have increased vigilance, and adopted additional security measures beyond those already in place.

CSA’s Singapore Computer Emergency Response Team (SingCERT) has reached out to the other Autonomous Universities (AUs) and also informed our Critical Information Infrastructure (CII) Sectors and the government sector to step up monitoring and checks on their networks. There has been no sign of suspicious activity in CII networks or government networks thus far.

CSA, MOE and the universities will not be able to provide further details about the incident as this could impact the effectiveness of additional defensive and preventive measures being put in place by both universities.

Organisations and managed service providers are encouraged to proactively monitor and check their IT networks regularly for signs of malicious activity. They should contact SingCERT at 6323 5052 or via email at if they require any assistance.

About Cyber Security Agency of Singapore

Established on 1 April 2015, the Cyber Security Agency of Singapore (CSA) provides dedicated and centralised oversight of national cyber security functions, and works with sector leads to protect Singapore’s critical services. It also engages with various industries, and stakeholders to heighten cyber security awareness as well as to ensure the holistic development of Singapore’s cyber security landscape. The Agency was established under the Prime Minister’s Office and is managed by the Ministry of Communications and Information.

About the Ministry of Education

The Ministry of Education (MOE) formulates and implements education policies on education structure, curriculum, pedagogy, and assessment. It oversees the management and development of Government-funded schools, and the Institute of Technical Education, polytechnics and universities.

Please visit for more information.