Breach on IT Networks of Two Reputed Universities in Singapore

May 16, 20178:23 am315 views

A breach of the IT networks of the Nanyang Technological University (NTU) and the National University of Singapore (NUS) was discovered last month. Intrusions into NTU’s networks were detected when the university ran its regular checks on its systems on April 19.

NUS detected an unauthorized intrusion into its IT systems on April 11, during cybersecurity assessments by external consultants who had been engaged to strengthen its cyber defence.

In each instance, NTU and NUS promptly alerted the Cyber Security Agency of Singapore (CSA) who has been assisting the affected universities to conduct forensic investigations to understand the nature and extent of these attacks.

CSA is also assisting with incident response and immediate measures to mitigate potential impact.  At NTU and NUS, affected desktop computers and workstations were quickly isolated, removed and replaced.  CSA is working closely with the universities in ongoing investigations.

Based on investigations, both the attacks was the work of Advanced Persistent Threat (APT) actors. They are carefully planned and are not the work of casual hackers. The objective may be to steal information related to government or research. There is no evidence that the information or data related to students was being targeted.

However, as the universities’ systems are separate from government IT systems, the extent of the APTs’ activities appear to be limited. The daily operations of both universities, including critical IT systems such as student admissions and examinations databases, were not affected.

See: Investigating Cyber and Data Security Breaches in Detail: Report Findings

Nonetheless, NUS and NTU have increased vigilance, and adopted additional security measures beyond those already in place.

CSA’s Singapore Computer Emergency Response Team (SingCERT) has reached out to the other Autonomous Universities (AUs) and also informed Critical Information Infrastructure (CII) sectors and the government sector to step up monitoring and checks on their networks. There has been no sign of suspicious activity in CII networks or government networks thus far.

CSA, MOE and the universities did not provide any further details about the incident, as this could impact the effectiveness of additional defensive and preventive measures being put in place by both universities.

Organisations and managed service providers are encouraged to proactively monitor and check their IT networks regularly for signs of malicious activity. They can contact SingCERT at 6323 5052 or via email at if they require any assistance.

Also read: 4 Ways HR Can Champion Data Security

Feature image credit:

(Visited 1 times, 1 visits today)