Chinese State-Sponsored Hackers Breach Singtel in Possible Test Run
This summer, cyber spies from the Volt Typhoon group, allegedly backed by the Chinese government, breached Singapore’s telecommunications company Singtel. Bloomberg sources reported that the incident occurred in June and that this breach may serve as a “test” before potential attacks on U.S. telecommunications firms.
U.S. and other international authorities have previously warned that Volt Typhoon has infiltrated networks of critical infrastructure in America and other countries. Experts believe the group may be preparing for cyberattacks capable of causing damage or large-scale disruptions. Volt Typhoon’s targets include telecommunications, energy, and transportation, as well as water supply and wastewater systems.
The governments of the United States, Canada, the United Kingdom, Australia, and New Zealand have stated that Volt Typhoon’s actions extend beyond typical espionage. In their view, these cyber spies appear to be preparing to access operational technology (OT) systems that control key infrastructure operations.
In October, reports also surfaced about a group called Salt Typhoon, allegedly acting under the Chinese government’s direction as well. Salt Typhoon reportedly breached the telecommunications networks of U.S. companies Verizon, AT&T, and Lumen Technologies, although none of these companies commented on the attacks. Additionally, Salt Typhoon attempted to gain access to smartphones connected to the campaign teams of U.S. presidential candidates from both major parties.
China denies any involvement in these cyberattacks, asserting that Volt Typhoon does not exist. Singtel, for its part, declined to comment in detail but stated that it takes cyber threats seriously and collaborates with leading security experts to protect its networks.
According to Bloomberg, Volt Typhoon used a web shell to infiltrate Singtel’s systems. This method resembles tactics described in August, when Volt Typhoon exploited a vulnerability in Versa’s SD-WAN equipment to implant specialized code that gathers user data. Experts are confident that such attacks continue against networks that have not yet implemented security updates.