Singtel attacked by Chinese hacker group as part of worldwide campaign: Bloomberg

The breach was discovered in June 2024.

November 05, 2024, 03:11 PM

Singtel was breached by Chinese state-sponsored hackers earlier this year, according to two people familiar with the matter who spoke to Bloomberg.

The breach is also believed to be part of a broad campaign against telecommunications companies and other critical infrastructure operators worldwide, the sources added.

The breach was first discovered in June 2024.

Anonymous sources cited by Bloomberg claimed that the breach was pulled off by a hacking group known as "Volt Typhoon".

The breach of Singtel is also believed to be a test run by China for further hacks against U.S. telecommunications companies.

Information from the attack has also provided investigators with clues about the "expanding scope of suspected Chinese attacks against critical infrastructure abroad, including in the U.S.," Bloomberg reported.

Malware in "listening mode", likely a test run hack

According to Bloomberg's sources, the attack relied on a tool known as a web shell.

The web shell would allow hackers to intercept and gather credentials to gain access to a customer’s network, under the guise of an authentic user.

A source claimed that Singtel uncovered the breach of its network after detecting suspicious data traffic in a core back-end router.

The data was believed to be sophisticated malware in a "listening mode" that did not appear to have been activated for espionage purposes.

Instead, the attack is believed to be either a test run of a new hacking capability or meant to create a strategic access point for future attacks.

A Singtel spokesperson told Mothership:

"Like any other large organisation and key infrastructure provider around the world, we are constantly probed.

Singtel wishes to clarify that there was a malware detected in June which was subsequently dealt with and reported to relevant authorities. There was no data exfiltrated and no impact to services. However, we cannot confirm or ascertain if this is the exact same event listed in the Bloomberg article with the cited threat actors and intended targets. We do not comment on speculation. Singtel conducts regular malware sweeps as part of its cyber posture.

Network resilience remains critical to our business, and we adopt industry best practices and work with leading security partners to continuously monitor and address the threats that we face on a daily basis. We also regularly review and enhance our cybersecurity capabilities and defences to protect our critical assets from evolving threats."

Volt Typhoon

Volt Typhoon is a Chinese state-sponsored hacker group.

Volt Typhoon was publicly identified by security analysts at Microsoft back in May 2023.

Microsoft wrote at the time that the group could “disrupt critical communications infrastructure between the United States and Asia region during future crises”.

The group is believed to have also been responsible for attacks on critical infrastructure assets in the U.S. and around the world as far back as 2021.

Volt Typhoon's modus operandi involves targeting vulnerable internet devices to hide and establish an access point for possible future attacks.

Top photo via Google Maps.
