Concise Cyber

Singapore’s Landmark Cyber Operation Expels APT Actor from Telco Networks

Singapore Mounts Largest Ever Cyber Operation to Oust APT Actor

Singapore’s Cyber Security Agency (CSA) recently spearheaded its largest-ever cyber operation, a year-long, coordinated effort known as “Project GREASE.” The operation aimed to dislodge an Advanced Persistent Threat (APT) actor from the nation’s critical telecommunications networks. It highlights the growing sophistication of cyber threats targeting essential infrastructure and the robust, collaborative response required to counter them.

Understanding Project GREASE: A Coordinated National Response

Project GREASE was initiated after intelligence revealed that an unnamed APT actor had established persistent access to the systems of several telecommunications companies in Singapore. To address this formidable challenge, the CSA orchestrated a comprehensive national-level effort. This involved close collaboration with local telecommunication operators and crucial support from overseas cybersecurity partners. The primary objective was a sustained campaign to identify, contain, and ultimately remove the elusive APT actor from the compromised networks.

The APT Actor’s Tactics and Exploits

The APT actor gained initial entry into the telco networks through a supply chain compromise, exploiting vulnerabilities in compromised network devices and managed service providers (MSPs). Once inside, the threat actor exploited various publicly known vulnerabilities to maintain persistent access and advance its objectives. Notably, the Log4j vulnerability (CVE-2021-44228) was among the exploits leveraged. The actor engaged in reconnaissance, gathered intelligence, and moved laterally across different networks within the affected telco infrastructures. While the actor maintained persistence and conducted these activities, there were no reported disruptions to essential services or instances of data theft from subscribers during the incident.

A Collaborative Defense and Successful Ousting

The success of Project GREASE was largely attributed to the active and coordinated threat hunting conducted across the telco networks over several months. This extensive effort was bolstered by intelligence shared by the involved telcos and CSA’s international partners. Based on the gathered insights, CSA developed a tailored package of countermeasures designed to strengthen network defenses, enhance monitoring capabilities, and refine incident response protocols. These collective and strategic efforts ultimately culminated in the complete expulsion of the APT actor from Singapore’s telecommunications networks.

Lessons Learned and Enhanced Cybersecurity Posture

The conclusion of Project GREASE not only resulted in the successful ousting of the APT actor but also significantly improved cyber hygiene across Singapore’s entire telecommunications sector. This landmark operation underscores the critical importance of strong public-private partnerships in safeguarding national critical infrastructure against sophisticated and persistent cyber threats. The CSA’s proactive approach and the seamless cooperation among all stakeholders serve as a testament to Singapore’s commitment to maintaining a secure and resilient digital landscape.
