ZDNet discusses how Iranian hackers are breaching Singapore universities to access research data:
At least 52 accounts were affected across the Nanyang Technological University (NTU), National University of Singapore (NUS), Singapore Management University, and Singapore University of Technology and Design, according to a joint statement Tuesday by Cyber Security Agency of Singapore (CSA) and Ministry of Education (MOE).
Hackers had used phishing attacks to harvest credentials from affected staff members and used these to gain access to the institutes’ online libraries and research articles published by the academic staff.
Based on their investigations, CSA and MOE said no sensitive data had been stolen and the attacks did not appear to be linked to the APT attacks against NUS and NTU last year.
They were, however, believed to be part of last month’s attacks against education institutions worldwide including 144 universities in the US, after which the US Deputy Attorney General unveiled a series of indictments and financial sanctions against Iranians. The US government had identified nine Iranians thought to be part of the cyberattacks.
Iran is stepping up its cyber attack profile, hitting more locations outside its immediate vicinity. It is interesting to witness Iran maturing from a strong localized actor to a more globalized one. The success of Chinese, Russian, and North Korean nation-state-backed actors is likely motivation enough for Iran, which wants to be recognized as a world cyber power.
In addition, Iran is well behind the rest of the globe in research. Much as China primarily leverages cyber attacks for economic gain, forgoing the need to spend a lot of time and money on research and development, Iran possibly sees the benefit of such an approach. By stealing intellectual property from research institutions like major universities, Iran could potentially gain an economic advantage, or even a military one, depending on the application of the data it is focusing on collecting.
Russia and China are the two nation-states with the most concerning capabilities, the report said. Both are considered to possess the highest levels of technical sophistication, reserved for only a select set of countries. The actors can engage in full-spectrum operations, utilizing the breadth of capabilities available in cyber-operations in concert with other elements of state power, including conventional military force and foreign intelligence services with global reach. The capabilities they have are thus alarmingly advanced, according to Flashpoint: “Kinetic and cyber-attacks conducted by the threat actor(s) have the potential to cause complete paralysis and/or destruction of critical systems and infrastructure. Such attacks have the capacity to result in significant destruction of property and/or loss of life. Under such circumstances, regular business operations and/or government functions cease and data confidentiality, integrity, and availability are completely compromised for extended periods,” the report noted.
For Russia’s part, its state-sponsored hacking arms (such as Fancy Bear) remain highly active, capable and influential, the report said, with retaliatory and cyber-influence activity expected to ramp up as it is increasingly isolated from the West following election interference and information operations against Western democracies.
“Moreover, Moscow continues to crack down on digital dissent and segregate itself from the global internet,” the report found. “The result is a country moving quickly toward a unique model of domestic information control via technical control of internet infrastructure, services and data, a lack of online anonymity, and censorship.”
As for China, it too remains an active and highly capable actor in cyberspace on multiple levels, although state-sponsored activity against Western targets has dropped off a bit. The report cautions decision makers not to grow complacent.
China and Russia are two of the most sophisticated countries in terms of cyber operations capabilities. However, the two countries leverage cyber for diametrically opposed reasons. Russia is interested in destabilizing the globe, while China primarily utilizes cyber as a means of either propping up its own economic goals or conducting espionage.