A zip attachment contains an img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Singapore hit by major cyber attacks: data of 1.5 million healthcare patients leaked
State-sponsored hackers leaked healthcare data of 1.5 million patients in Singapore, including that of Prime Minister Lee Hsien Loong. They did so thanks to an unpatched version of Microsoft Outlook and customized malware.
Singapore has been hit by a major state-sponsored cyber espionage operation. Last year, malicious hackers stole the data of 1.5 million health care patients in the country, exploiting an unpatched version of Microsoft Outlook to get past the cyber security defenses. They also used a publicly available hacking tool, which allowed them to install malware on compromised workstations. This was explained in a report published Thursday by a government-backed commission. The malicious cyber attack campaign lasted more than 10 months and compromised the personal data, including addresses and national identity numbers, of around a quarter of the population. The exfiltrated medical records, in fact, belonged to about 159,000 inhabitants, including Prime Minister Lee Hsien Loong. The goal was to steal medical and personal data of the premier and other high-value targets, from politicians to industrial managers.
Why this is a cyber espionage operation. Eyes fixed on China's cyber army
The report clarifies that the malicious hackers were state-sponsored. First of all, they exploited known cyber security vulnerabilities, but also used customized malware. Furthermore, they retained persistent access to the Singapore health database via multiple backdoors, and exhibited other traits of advanced persistent threat (APT) groups. For such complex and persistent cyber attacks, the gang had to be well-resourced and prepared, with a high level of technology and expertise. At the moment there is no attribution of the campaign, but there are few countries with the capabilities to carry out such aggressions: Russia, Iran, North Korea and China. Eyes, however, are fixed on Beijing. Its cyber army is suspected of various cyber attacks against the island in the past, targeting government, industrial and financial institutions.