COI Report – Part III                                                  Page 49 of 425

Part III – The attacker and the events and contributing factors leading to the Cyber Attack

TABLE OF CONTENTS – PART III

13      INTRODUCTION TO THIS PART                                                          51

14      THE CYBER ATTACK                                                                   53
14.1    CSA’s reconstruction of events                                                     53
        First evidence of breach and establishing control over Workstation A –
        August to December 2017                                                            54
        Privilege escalation and lateral movement – December 2017 to June 2018             56
        Notable events between December 2017 and June 2018                                 57
14.4.1  Establishing control over the NCC server                                           57
14.4.2  Callbacks to a foreign IP address in January 2018 from Workstation A and
        the PHI 1 Workstation                                                              58
14.4.3  Obtaining credentials of the LA. local administrator account                       59
14.4.4  Obtaining credentials of the SA. service account                                   60
14.4.5  Obtaining credentials for the DA. domain administrator account                     60
14.4.6  Establishing control over Workstation B on 17 April 2018                           60
14.4.7  Attempts to login to the SCM database from Citrix Server 1 from 24 May to
        12 June 2018                                                                       61
14.4.8  Attempts to login to the SCM database from Citrix Server 2 and Citrix Server 4
        on 13 June 2018                                                                    63
14.4.9  Attempt to login to the SCM database from Citrix Server 2 on 26 June 2018          65
14.4.10 Obtaining credentials of the AA. account from Citrix Server 3 on 26 June 2018      65
        Queries to the SCM database from 26 June to 4 July 2018                            67
14.6    Exfiltration of data to overseas C servers                                         68
        Attempts to reenter the SingHealth Network on 18 and 19 July 2018                  70