
Chinese state-sponsored hackers reportedly breach SingTel in global telecommunications attacks

According to a confidential investigation revealed by Bloomberg, Singapore Telecommunications Ltd (SingTel), the largest mobile operator in Singapore, was reportedly hacked by Chinese state-sponsored hackers this summer.

The attackers, identified as Volt Typhoon, are believed to have infiltrated SingTel’s systems as part of a broader effort to compromise global telecommunications infrastructure, with possible motives ranging from espionage to strategic disruption, said two people familiar with the matter who spoke on condition of anonymity.

The SingTel breach follows a pattern of Chinese cyber intrusions into critical telecommunications networks, with a particular focus on US operators. Officials in the United States have noted similar breaches involving another China-linked group, Salt Typhoon.

Recent reports from the Wall Street Journal note that Salt Typhoon reportedly accessed US telecommunications systems used for court-authorized network tapping by AT&T Inc and Verizon Communications Inc.

These intrusions have raised significant national security concerns, as such access could potentially enable surveillance of high-profile individuals and government officials.

In addition to the recent breaches, there has been a long-standing campaign by China-affiliated threat actors targeting Internet-facing systems worldwide.

According to SecurityWeek, another group of threat actors, including Volt Typhoon, has been exploiting multiple vulnerabilities in Sophos devices since 2018, particularly in edge devices and firewall infrastructure.

In a recent statement, the FBI appealed for public assistance to identify those behind this campaign, which also includes other prominent groups such as APT41 and APT31, along with Volt Typhoon.

This ongoing series of attacks exploited zero-day vulnerabilities, including CVE-2020-12271, to gain root-level access to compromised devices. In April 2020, Sophos reported that the Asnarök malware had been deployed on its XG Firewalls, leading to a coordinated server removal of the malware.

Sophos, a British security company, revealed last week that these threat groups have targeted its devices as part of a multi-year campaign.

The company announced that it has developed custom tools to monitor the attackers’ tactics, techniques and procedures (TTPs), deploying an implant to track the attackers’ activities.

While Sophos did not release information about specific organizations affected by these attacks, the FBI indicated that both private companies and government agencies were targeted.

To further assist in tracking down these attackers, the FBI has called on individuals with knowledge of the hackers’ identities to come forward. Working with the UK’s National Cyber Security Centre, the FBI has released technical details about ‘Pygmy Goat’, an advanced backdoor malware discovered in compromised Sophos XG firewalls.

A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, responded to the allegations without going into details, but reiterated that China opposes all forms of cyber attacks and cyber theft. The Chinese government has long denied allegations of state-sponsored hacking, although cyber intelligence experts say China remains one of the most prolific state actors in cyber espionage.

General Timothy Haugh, director of the US National Security Agency (NSA), commented on the severity of the recent telecom attacks, noting in October that the current investigation into these incidents is still in its early stages.

Following these breaches, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) identified specific malicious activity associated with Chinese actors and provided direct technical assistance to affected companies.

Security analysts have raised concerns about the potential long-term effects of these breaches, highlighting the possibility of state-sponsored actors embedding themselves in critical infrastructure with the ability to later cause disruption or gather intelligence.

Retired General Paul Nakasone, former director of the NSA, recently highlighted the significant challenge posed by these groups, describing the increasing scale and complexity of both Volt and Salt Typhoon attacks.

Chinese state-sponsored hackers have been active in cyber operations for years, including prominent incidents such as the 2015 breach of the US Office of Personnel Management.

However, officials warn that these recent breaches point to a strategy that goes beyond espionage, one that may be aimed at positioning China to disrupt or control critical infrastructure in the event of heightened geopolitical tensions.

The consequences of such access, security experts warn, could extend far beyond direct breaches and impact everything from data privacy to national security.