Table of contents exchange of letters with the minister executive summary



Download 5.91 Mb.
View original pdf
Page134/329
Date27.11.2023
Size5.91 Mb.
#62728
1   ...   130   131   132   133   134   135   136   137   ...   329
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part IV
Page 156 of 425

like someone managed to get into SCM db already ... Attack is going on right
now”.
484. At Sze Chun’s workstation, Benjamin collected some screenshots and pasted them in a set of Microsoft PowerPoint slides and named the file “SCM
Breach.pptx”. These screenshots showed the details of the suspicious queries, including the hostname, program name, query run, and user-ID used. Copies of
SCM Breach.pptx were shared with Benjamin, Ernest, Wee, the rest of the CERT,
Lum, Kelvin, and Katherine on 4 July 2018. However, Benjamin did not provide any explanation of the slides.
26.6 Comparing and drawing links between the uses of Workstation
B in June 2018 and 4 July 2018
485. At pm and pm on 4 July 2018, Lum called Benjamin and spoke with him briefly about the suspicious queries to the SCM database that Sze Chun had identified.
They also discussed Workstation B, which had been identified as the machine that was used to run the suspicious queries on that day. Lum and Benjamin observed that Workstation Ba) Was the same workstation that had been discovered to be used to login to Citrix Server 4 earlier without authorisation b) This was the same hostname that they suspected to have been used to run a virtual machine, VM 2, that was used in connection with an unauthorised RDP session into Citrix Server 2 on 26 June 2018; and c) Had been seized by the SMD earlier on 26 June 2018.
486. At that point in time, Lum guessed that Workstation B was being spoofed to run as a virtual machine. It was also unclear to him how Citrix Server 2 was being accessed, as the login logs did not show either the LA. or SA. accounts being used.


COI Report – Part IV
Page 157 of 425

487. On his part, Benjamin had sent the SCM Breach.pptx to Ernest (see section 26.5 (pg 155) above. There is, however, no evidence showing that Benjamin had specifically informed Ernest at this point of their observations regarding the role of Workstation B.

Download 5.91 Mb.

Share with your friends:
1   ...   130   131   132   133   134   135   136   137   ...   329



The database is protected by copyright ©ininet.org 2024
send message
    Main page
united states
total number
vast majority
federal government
other side
next generation
supreme court
information contained
current state
executive director
national association
middle east
east coast
general assembly
private sector
same time
west coast
united kingdom
united nations
total amount
full range
highest level
soviet union
european union
national academy