23 Dec 2022 | Asia Cyber Summary

In the spotlight this week:

  • Keppel Telecommunications and Transportation Hit by Data Breach
  • RedMart Fined SGD 72,000 for Data Breach Resulting in Online Sale of Customer Data
  • Chinese Electric Automaker Nio Hit by Data Breach
  • Queensland University of Technology Shuts Down IT Systems After Being Hit by Ransomware Attack
  • Okta’s Source Code Stolen After GitHub Repositories Hacked
  • LastPass: Hackers Stole Customer Vault Data in Cloud Storage Breach

Keppel Telecommunications and Transportation Hit by Data Breach

Keppel Telecommunications & Transportation (KTT) has been hit by a data breach that has potentially exposed the personal information of former shareholders, former employees, and staff members of its affiliates. Unknown threat actors had gained access to a server that had previously belonged to and been used by KTT to access old files. None of KTT's existing IT infrastructure or systems were involved in or impacted by the breach. KTT has businesses in data centers and subsea cable systems in the Asia-Pacific region and Europe. 

RedMart Fined SGD 72,000 for Data Breach Resulting in Online Sale of Customer Data

Grocery delivery service RedMart has been fined SGD 72,000 by Singapore’s privacy watchdog for failing to put in place reasonable security measures to protect customers' personal data, such as names, encrypted passwords, phone numbers, and partial credit card numbers. After an acquisition by Lazada in 2016, RedMart set out to migrate and integrate its customer-facing website and mobile applications, and cease operations by March 2019. However, the migration of RedMart’s back-end system was not completed and remained on cloud storage provided by Amazon Web Services (AWS). There was no password authentication required to access this database, nor was it encrypted. Watchdog investigations revealed that an unidentified threat actor exfiltrated the database in September 2020 after gaining unauthorized access to RedMart's cloud on AWS via a compromised staff account.

Chinese Electric Automaker Nio Hit by Data Breach

In the most recent hacking incident to affect the global auto industry, China-based electric automaker Nio Inc. said on Tuesday that hackers had broken into its computer systems and accessed data on users and vehicle sales. The hackers claimed to possess the electric carmaker's internal data and demanded USD 2.25 million in bitcoin in an email. The cyber attack on Nio also occurs at a time when the Chinese government is pressuring automakers to strengthen data security and store locally generated key data in the country. 

Queensland University of Technology Shuts Down IT Systems After Being Hit by Ransomware Attack

The Queensland University of Technology (QUT) has suffered a ransomware attack that has seen campus printers spew out multiple copies of ransomware notes simultaneously. The university has taken precautions by shutting down multiple IT systems. The printed ransomware note claimed to originate from ‘Royal Ransomware’, which deletes shadow copies of data on a system to prevent data recovery. Royal ransomware also increases encryption speed by running threads on all system processors and using a form of intermittent encryption. A ransomware note is also left behind in each directory it traverses. A spokesperson for QUT said that although multiple systems had been compromised, none of the ‘core’ student, staff, or financial systems appeared to be involved.

Students who received an offer to study at the university this morning are also being contacted by QUT. Although they can accept offers from the university, students won't be able to finish their paperwork until the IT systems are operational again.

Okta’s Source Code Stolen After GitHub Repositories Hacked

Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were hacked this month. GitHub notified Okta earlier this month of suspicious access to Okta's code repositories.

Earlier this year, Okta faced multiple security incidents and bumpy disclosures when hacking group Lapsus$ claimed that it had access to Okta's administrative consoles and customer data, and began posting screenshots of the stolen data on Telegram. Okta-owned Auth0's source code repositories were also obtained by a ‘third-party individual’ from its environment via unknown means.

LastPass: Hackers Stole Customer Vault Data in Cloud Storage Breach

LastPass has disclosed that hackers stole customer vault data after breaching its cloud storage system earlier this year using data stolen in an incident in August 2022. The cloud storage service is used to store archived backups of production data. The threat actor copied backup data and related metadata containing company names, end-user names, billing addresses, email addresses, phone numbers, and the IP addresses from which customers were accessing the LastPass service.

LastPass’ password management software is used by more than 33 million people and 100,000 businesses worldwide.

This is the second security incident disclosed by the company since the start of the year, after it confirmed in August that its developer environment was breached using a compromised developer account.
