
Whitefly Group Targeted Organisations in Singapore since 2017

A new threat group dubbed Whitefly has targeted organisations based in Singapore from 2017 to mid-2018 and could be responsible for the SingHealth cyber attack in July 2018. Whitefly uses spear phishing emails containing a document or image to drop a malicious executable or DLL file in the target organisation. These emails are crafted to look like job openings or documents from organisations operating in the same industry as the victim, to increase the likelihood that they are opened. When the dropper is activated, it uses the DLL hijacking technique to load an encrypted payload on the compromised host. The payload then connects to its C&C server, sends it system information, and downloads additional tools such as Mimikatz for credential theft as well as the Termite rootkit to control multiple compromised hosts. Besides targeting the healthcare, media, telecommunications and engineering sectors in Singapore, Whitefly's toolset was also observed in attacks against defence and energy targets in Southeast Asia and Russia.

