Four Singapore varsities hacked
Iranian syndicate members accused of stealing data from 52 accounts
SINGAPORE: Four Singapore universities have come under attack from an Iranian hacking syndicate, which is believed to have pilfered over 31 terabytes of academic data and intellectual property from varsities all over the world.
There was a breach of 52 staff accounts across Nanyang Technological University (NTU), National University of Singapore (NUS), Singapore Management University and Singapore University of Technology and Design, said the Cyber Security Agency (CSA) of Singapore and Ministry of Education (MOE) in a joint statement on Tuesday.
The nine Iranians allegedly responsible for the attacks have been charged in the United States for attempting to hack into 144 US and 176 foreign universities across 21 countries, including those in Singapore, at the behest of the Iranian government, the US Department of Justice said in a statement on March 23.
The CSA said it received information about the breach in the user accounts of the Singapore universities last week, and alerted the MOE and the affected institutions to run checks on their networks.
“The universities have stepped up their vigilance and users have been advised to change their passwords immediately,” said the agencies in response to queries from The Straits Times.
The CSA statement also said the incident did not appear to be linked to the 2017 cyberattack on NUS and NTU networks and “at this time” there was no evidence that sensitive information had been breached.
Based on investigations, the incident was a phishing attack where staff members were directed to a credential harvesting website to key in their login details.
The credentials were then used to gain unauthorised access to the institutes’ library websites to obtain research articles published by staff members, said the agencies.
Among the user accounts affected were those of faculty members.
The four universities said measures such as resetting of passwords and scanning of affected users’ computers were carried out following the alert from CSA and MOE.
According to US court documents, the nine Iranians believed to be responsible for the hacking are Gholamreza Rafatnejad, 38; Ehsan Mohammadi, 37; Abdollah Karima, also known as Vahid Karima, 39; Mostafa Sadeghi, 28; Seyed Ali Mirkarimi, 34; Mohammed Reza Sabahi, 26; Roozbeh Sabahi, 24; Abuzar Gohari Moqadam, 37; and Sajjad Tahmasebi, 30.
Charges against the group included several counts of identity theft, fraud and conspiracy to commit computer intrusions.
The group is also accused of being linked to the Mabna Institute, an Iran-based company which has conducted a coordinated campaign of cyber intrusions into computer systems since 2013, the US Department of Justice said. — The Straits Times/Asia News Network