Last month’s cyber-attack on SingHealth, which resulted in the breach of 1.5 million health records, might have been the work of an advanced persistent threat group, according to information disclosed by S. Iswaran, Singapore’s minister for communications and information in Parliament today.
Though reluctant to provide any specifics about which state might be behind the attack, Iswaran said that the detailed analysis of the attack, done by the Cyber Security Agency (CSA) of Singapore, indicated that it was likely a state-linked group because of the level of sophistication used by the attackers.
According to a 20 July press release, “CSA has ascertained that the cyber-attackers accessed the SingHealth IT system through an initial breach on a particular front-end workstation. They subsequently managed to obtain privileged account credentials to gain privileged access to the database. Upon discovery, the breach was immediately contained, preventing further illegal exfiltration.”
When pressed to attribute the attack to a specific state, Iswaran reportedly said,“In this sort of matter, while one can have a high level of confidence, one may not be able to have the certainty that you might need in order to specifically assign responsibility, and this is the kind of evidentiary threshold that may not stand up in a court of law. But at the operational level, the agencies that are involved have a high level of confidence,” according to Today Online.