NUS and NTU computer systems hacked into
A breach of IT networks of two local universities were discovered last month - the first such sophisticated attack on universities here.
The aim: to steal information either related to government or research, said the Cyber Security Agency of Singapore (CSA) and the Ministry of Education (MOE), on Friday (May 12).
Its chief executive David Koh told reporters: "We know who did it, and we know what they were after.
"But I cannot reveal this for operational security reasons."
The two affected universities are Nanyang Technological University (NTU) and National University of Singapore (NUS).
NUS detected an unauthorised intrusion into its IT systems on April 11, during cybersecurity assessments by external consultants who had been engaged to strengthen its cyber defence.
On April 19, NTU discovered intrusions into its networks when it ran regular checks on its systems.
The affected machines at both schools include shared personal computers, front-end workstations and servers.
At both schools, affected desktop computers and workstations were quickly isolated, removed and replaced.
Investigations revealed the attacks were the work of Advanced Persistent Threat (APT) actors.
"They are carefully planned and not the work of casual hackers," said CSA.
An APT is a network attack in which an unauthorised person gains access to a network, and stays there undetected for a long time.
The intention of an APT attack is to steal data rather than to cause damage to the network or organisation.
CSA found no evidence that student-related information or data was targeted.
Daily operations, including critical IT systems like student admissions and exam databases, were not affected as well, said both universities.
CSA's Singapore Computer Emergency Response Team has also reached out to other autonomous universities and informed our Critical Information Infrastructure (CII) Sectors and the government sector to step up monitoring and checks on their networks.
No suspicious activity in CII networks or government networks were detected so far, said CSA.
Both universities have since adopted additional security measures beyond those already in place, CSA added.