State-sponsored espionage group Whitefly behind Singapore cyberattack: report

NEW YORK (Reuters) - Singapore’s worst cyberattack, which stole personal information regarding 1.5 million people, including the prime minister, from a health database, was the work of a state-sponsored espionage group called Whitefly, Symantec Corp said on Wednesday.

Authorities in the wealthy city state have said the attack, which they believed was state-linked, illegally accessed and copied the non-medical personal details of visitors to clinics between May 2015 and July 4, 2018, including those of Prime Minister Lee Hsien Loong and Emeritus Senior Minister Goh Chok Tong.

In a report, security researchers at Symantec said Whitefly, which has been operating since at least 2017 and has targeted organizations across a range of sectors based mostly in Singapore, was primarily interested in stealing large amounts of sensitive information.

“Based on its tactics and targets, our assessment is that Whitefly is a state-sponsored espionage group. We can’t identify for certain who or what organization is directing or funding that activity,” a Symantec spokeswoman told Reuters.

“Whitefly’s tight focus on a limited number of targets in a single country leads us to believe they are likely a small- to medium-sized team.”

Symantec said last year’s breach was not a one-off attack, but part of a wider pattern targeting organizations in the southeast Asian island nation, in the healthcare, media, telecoms and engineering sectors.

In an emailed statement, the Cyber Security Agency of Singapore said, “As this is an independent investigation report by a commercial entity, we have no comment on its contents.”

Reporting by Angela Moon; Additional reporting by Aradhana Aravindan in SINGAPORE; Editing by Bernadette Baum and Clarence Fernandez