
Chinese group accused of hacking Singtel in telecom attacks

SINGAPORE – Singapore Telecommunications, Singapore’s largest mobile operator, was breached by Chinese state-sponsored hackers this summer as part of a wider campaign against telcos and other critical infrastructure operators around the world, according to two people familiar with the matter.

The previously undisclosed breach was discovered in June, and investigators believe it was carried out by a hacking group known as Volt Typhoon, according to the two people, who asked not to be identified to discuss a confidential investigation.

Officials from the United States, Australia, Canada, Britain and New Zealand – the “Five Eyes” intelligence-sharing alliance – warned in early 2024 that Volt Typhoon embeds itself in compromised IT networks to give China the ability to conduct disruptive cyber attacks in the event of a military conflict with the West.

The breach of Singtel, a carrier with operations in Southeast Asia and Australia, was seen as a test by China for other attacks against US telecommunications companies, and intelligence from the attack offered clues about the scope of the suspected attacks against critical infrastructure abroad, including in the US, the people said.

In an emailed response to questions from Bloomberg News, Singtel did not directly address questions about the alleged breach. “We understand the importance of network resiliency, especially as we are a key provider of infrastructure services,” the company said. “That’s why we adopt industry best practices and work with industry-leading security partners to continuously monitor and promptly address the threats we face every day. We also regularly review and improve our cybersecurity capabilities and defenses to protect our critical assets from evolving threats.”

A spokesman for the Chinese Embassy in Washington, Liu Pengyu, said he did not know the details reported by Bloomberg, but that in general China strongly opposes and combats cyber attacks and cyber theft.

The US is currently grappling with its own suspected Chinese attacks on political campaigns and telecommunications companies. Officials have described the telecom breaches as one of the most damaging campaigns on record by alleged Chinese hackers, and one they are still trying to fully understand and contain.

In the US telecom attacks, which investigators have attributed to another Chinese group called Salt Typhoon, AT&T Inc and Verizon Communications Inc are among those breached, and hackers potentially accessed systems the federal government uses for court-authorized network wiretapping requests, The Wall Street Journal reported in early October.

US intelligence officials believe the Chinese hacking group that Microsoft Corp named Salt Typhoon may have been inside US telecommunications companies for months and found a route to an access point for legally authorized wiretapping, according to a person familiar with their views.

AT&T declined to comment. Verizon did not respond to a request for comment.

Through these intrusions, the hackers are believed to have targeted the phones of former President Donald Trump, JD Vance and members of the Trump family, as well as members of Vice President Kamala Harris’ campaign staff and others, the New York Times reported.

In the case of the alleged Singtel breach, one of the people familiar with the incident said the attack was based on a tool known as a web shell.

In August, researchers from Lumen Technologies Inc said in a blog post that they had “moderate confidence” that Volt Typhoon used such a web shell. A sample of the malware was first uploaded to VirusTotal, a popular site for security experts to research malicious code, on June 7 by an unidentified entity in Singapore, according to Lumen researchers.