Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Trump-Kim Summit Attracts Wave of Cyber-Attacks on Singapore

The number of cyber-attacks targeting Singapore skyrocketed from June 11 to June 12, during the meeting between U.S. President Donald Trump and North Korean President Kim Jong-un in a Singapore hotel, and most of these attacks originated from Russia, F5 Labs reports.

The number of cyber-attacks targeting Singapore skyrocketed from June 11 to June 12, during the meeting between U.S. President Donald Trump and North Korean President Kim Jong-un in a Singapore hotel, and most of these attacks originated from Russia, F5 Labs reports.

Russia has long been said to keep the United States under a continuous barrage of cyber-attacks, and even attracted a series of sanctions following the hacking aimed at the 2016 presidential election, which was supposedly the doing of state-sponsored Russian threat actors.

Thus, it’s no wonder the Trump-Kim summit earlier this week was targeted as well, but the number of assaults coming from Russia is indeed impressive: 88% of the total number of observed cyber-attacks came from this country. Furthermore, 97% of all the attacks that originated from Russian during the timeframe targeted Singapore, data from F5 Labs and Loryka reveals.

“We cannot prove they were nation-state sponsored attacks, however the attacks coincide with the day President Donald Trump met with North Korean President Kim Jong-un in a Singapore hotel. The attacks targeted VoIP phones and IoT devices, which appears to be more than a mere coincidence,” F5 says.

The flurry of attacks, the security firm reveals, started out of Brazil by targeting port SIP 5060, the single most attacked port in the timeframe. IP phones use this port to send and receive communications in clear text.

This initial phase, which lasted for only a couple of hours, was followed by reconnaissance scans from the Russian IP address 188.246.234.60 – an IP owned by ASN 49505, operated by Selectel – targeting a variety of ports.

The attacks observed on June 11 and June 12 also targeted the Telnet port, which is normally assaulted in Internet of Things (IoT) incidents. Other targeted ports include SQL database port 1433, web traffic ports 81 and 8080, port 7541 (used by Mirai and Annie to target ISP-managed routers), and port 8291 (previously targeted by Hajime).

During a period of 21 hours, starting at 11:00 p.m. on June 11 through 8:00 p.m. June 12, local time, a total of 40,000 attacks were launched on Singapore. Of these, 92% were reconnaissance scans looking for vulnerable devices, while the remaining 8% were exploit attacks.

Advertisement. Scroll to continue reading.

“Thirty-four percent of the attacks originated from Russian IP addresses. China, US, France, and Italy round out the top 5 attackers in this period, all of which launched between 2.5 to 3 times fewer attacks than Russia. Brazil, in the sixth position, was the only other country we detected launching SIP attacks alongside Russia,” F5 reveals.

During the period, Singapore became the top destination of cyber-attacks by a large margin, receiving 4.5 times more attacks than the U.S. or Canada. Typically, Singapore is not a top attack destination, and the anomaly coincides with President Trump’s meeting with Kim Jong-un.

While Russia was the main source of attacks, accounting for 88% of them, Brazil was the second largest attacker, launching 8% of the assaults. Germany rounded up top three attackers, with 2%.

The security researchers also note that there was no attempt made to conceal the attacks launched from Russia and that none of the attacks originating from this country carried malware.

The SIP port 5060 received 25 times more attacks than Telnet port 23, which was the second most targeted. Although attacks on port 5060 are unusual, chances are that the attackers were attempting to gain access to insecure phones or perhaps the VoIP server. The attacks on Telnet were likely trying to compromise IoT devices to spy on communications and collect data.

“We do not have evidence directly tying this attacking activity to nation-state-sponsored attacks, however it is common knowledge that the Russian government has many contractors within Russia doing their bidding, and that a successful attack on a target of interest would make its way through to the Kremlin,” F5 concludes.

Related: No Evidence Russian Hackers Changed Votes in 2016 Election, Say Senators

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...