Four Universities in Singapore Hacked
An Iranian hacking syndicate has allegedly attacked four universities in Singapore and pilfered more than 31 terabytes of academic data and intellectual property from varsities all over the world.
According to reports, 52 staff accounts across Nanyang Technological University (NTU), National University of Singapore (NUS), Singapore Management University (SMU) and Singapore University of Technology and Design (SUTD) were breached.
In a joint statement, the Cyber Security Agency (CSA) of Singapore and the Ministry of Education (MOE) said the nine Iranians allegedly responsible for the attacks have been charged in the United States. They are accused of attempting to hack into 144 US and 176 foreign universities across 21 countries, including those in Singapore, at the behest of the Iranian government, the US Department of Justice said in a statement on March 23.
“The universities have stepped up their vigilance and users have been advised to change their passwords immediately,” said the agencies.
The CSA statement also said that the incident did not appear linked to the 2017 cyber attack on NUS and NTU networks and “at this time” there was no evidence that sensitive information had been breached.
Investigations revealed that the incident was a phishing attack where staff members were directed to a credential harvesting website to key in their login details. The credentials were then used to gain unauthorised access to the institutes’ library websites to obtain research articles published by staff members.
Following the alert from CSA and the MOE, the four universities said they had since reset passwords and scanned affected users’ computers. User accounts affected were mainly those of faculty members.
Internal investigations are also ongoing as the institutes continue to work with authorities on the matter.
According to US court documents, the nine Iranians believed to be responsible for the hacking are Gholamreza Rafatnejad, 38; Ehsan Mohammadi, 37; Abdollah Karima, also known as Vahid Karima, 39; Mostafa Sadeghi, 28; Seyed Ali Mirkarimi, 34; Mohammed Reza Sabahi, 26; Roozbeh Sabahi, 24; Abuzar Gohari Moqadam, 37; and Sajjad Tahmasebi, 30.
Charges against the group, which were made public on March 23, include several counts of identity theft, fraud and conspiracy to commit computer intrusions.
Investigations also revealed that the group was accused of being linked to the Mabna Institute, an Iran-based company that has conducted a coordinated campaign of cyber intrusions into computer systems since 2013, the US Department of Justice said in a statement.
The US courts have since termed the attacks the “University Hacking Campaign”, in which research and data across all fields of research and academic disciplines, such as science and technology, engineering, medical and social sciences, were targeted.
The campaign targeted over 100,000 accounts of professors worldwide, and approximately half of those targeted were at United States-based universities. The incident took place from 2013 to 2017.
The court papers said about 8,000 professor accounts worldwide were compromised, of which about 3,768 belonged to academics from US-based universities.
The data and compromised account details were allegedly used to benefit the Iranian government, specifically the Islamic Revolutionary Guard Corps (IRGC), and other Iranian customers, including Iran-based universities, the US Justice Department said.
The identities of the hackers involved in the previous attacks on NUS and NTU in April 2017 have not been revealed but they were believed to have infiltrated the networks of the two institutions to steal government-related information. The universities are involved in government-linked projects for the defence, foreign affairs and transport sectors.
Earlier in 2017, in another cyber security attack, the personal data of 850 national servicemen and Ministry of Defence staff were stolen.