State-sponsored hackers leaked healthcare data of 1.5 million patients in Singapore, including the Prime Minister Lee Hsien Loong. This was possible thanks to an unpatched version of Microsoft Outlook and customized malware
Singapore has been hit by a major state-sponsored cyber espionage operation. Last year, malicious hackers stole the data of 1.5 million health care patients in the country, exploiting an unpatched version of Microsoft Outlook to bypass cyber security defenses. They also used a publicly available hacking tool, which allowed them to install malware on compromised workstations. This is explained in a report published Thursday by a government-backed commission. The malicious cyber attack campaign lasted more than 10 months and compromised the personal data, including addresses and national identity numbers, of around a quarter of the population. The exfiltrated medical records, in fact, belonged to about 159,000 inhabitants, including the Prime Minister Lee Hsien Loong. The goal was to steal the medical and personal data of the premier and other high-value targets, from politicians to industrial managers.
Why this is a cyber espionage operation. Eyes fixed on China's cyber army
The report clarifies that the malicious hackers were state-sponsored. First of all, they exploited known cyber security vulnerabilities, but also used customized malware. Furthermore, they retained persistent access to the Singapore health database via multiple backdoors, and exhibited other traits of advanced persistent threat (APT) groups. For such complex and persistent cyber attacks, the gang had to be well-resourced and prepared, with a high level of technology and expertise. At the moment there is no attribution of the campaign, but there are few countries with the capabilities to carry out such aggressions: Russia, Iran, North Korea and China. Eyes, however, are fixed on Beijing. Its cyber army is suspected of various cyber attacks in the past against the island, targeting government, industrial and financial institutions.