Global Cybercrime Syndicate Busted In Singapore


Tech-savvy criminals operating from luxury condos in Singapore have just learned the hard way that no corner of the globe is out of reach for law enforcement.

In an impressive sweep, Singapore’s police arrested six men believed to be part of a global cybercrime syndicate, following coordinated raids on Monday. The suspects—five Chinese nationals and one Singaporean—face charges related to illegal cyber activities, marking one of the largest busts of its kind in the region.

A Coordinated Strike Against Cybercrime

The Singapore Police Force mobilized 160 officers in a precision raid that targeted multiple locations across the country. The operation involved the Criminal Investigation Department, Police Intelligence Department, Special Operations Command, and the Internal Security Department.

Authorities arrested six men, who they suspect belong to an international cybercrime syndicate involved in various malicious cyber activities, including hacking, theft of personal information, and cryptocurrency-related crimes. Along with the arrests, police seized electronic devices, cash, and cryptocurrency assets worth hundreds of thousands of U.S. dollars.

A High-Stakes Operation: The Arrests

One of the more significant arrests occurred at a high-end condominium along Bidadari Park Drive, where police apprehended a 42-year-old Chinese national. Inside his residence, authorities found five laptops, six mobile phones, and a trove of digital evidence, including credentials to access servers linked to notorious hacker groups. The individual had amassed cash totaling more than S$24,000 and held cryptocurrency assets valued at USD $850,000.

Three other suspects, also Chinese nationals, were arrested at a luxury property along Mount Sinai Avenue. Each suspect played a unique role in the syndicate:

  • A 38-year-old man possessed laptops containing personal data harvested from foreign entities. This kind of data, known as personally identifiable information (PII), includes sensitive details like names, email addresses, and social security numbers that can be exploited for identity theft or blackmail. Police seized more than S$52,000 in cash and other foreign currency.
  • A 35-year-old man was found with a laptop brimming with hacking tools, reportedly preparing for imminent cyberattacks. Such tools are often designed to exploit vulnerabilities in internet servers, giving attackers control over networks and valuable data. Authorities confiscated laptops, phones, and additional cash.
  • A 32-year-old man harbored software capable of controlling malware like PlugX—a remote access Trojan (RAT) known for its stealth capabilities. This sophisticated malware allows attackers to take over machines, gather data, and execute commands remotely. Police seized laptops and mobile devices from his residence.

A fourth suspect, another 38-year-old Chinese national, was apprehended at his condo on Cairnhill Road. Police suspect this individual was involved in purchasing stolen personal information, underscoring the commercial aspect of modern cybercrime. Investigators confiscated S$465,000 in cash, one laptop, and multiple phones.

Finally, a 34-year-old Singaporean man was arrested at an HDB block along Hougang Avenue. Authorities believe he acted as an accomplice to the syndicate, aiding in the illegal cyber operations carried out on Singaporean soil.

PlugX, a Fave Chinese Espionage Tool

PlugX is a sophisticated Remote Access Tool (RAT) that has been active since approximately 2012. It is used by multiple threat groups, especially China-linked ones, for cyber espionage activities. According to Cyble Research and Intelligence Labs, 39 threat actors—all originating from China—have been historically observed using PlugX for espionage.

Brief list of China-linked threat actors using PlugX RAT (Source: Cyble Research and Intelligence Labs)

Threat actors employ PlugX to gain full control over victims’ machines remotely, enabling them to execute commands like capturing the screen, logging keystrokes, managing processes, services, and registry entries, as well as opening a shell, researchers at Cyble tell The Cyber Express.

In a hypothetical scenario, threat actors could send a phishing email containing a malicious attachment that, once opened, installs PlugX on the victim’s system. This would allow the threat actor to gain unauthorized access to the victim’s machine, exfiltrate sensitive data, and maintain persistence for prolonged periods undetected, Cyble researchers said.

One of the most recent campaigns from APT31 – a threat actor last seen using PlugX RAT in March – saw six Australian members of parliament being targeted to gather intelligence on them.

The hackers used pixel tracking emails from a domain pretending to be a news outlet to target the MPs. If opened, these emails tracked the recipients’ online behavior.

According to an earlier FBI indictment, the APT31 hackers spammed various government individuals worldwide associated with IPAC with more than 10,000 malicious emails, which also exploited zero-days and resulted in the potential compromise of economic plans, intellectual property and trade secrets.

The Singapore Police Force, however, did not link the arrested individuals to any threat group and details on this remain unclear.

Facing the Full Force of the Law

The five Chinese nationals arrested in Singapore are set to face charges under Singapore’s Computer Misuse Act 1993. If found guilty, they could face severe penalties, including imprisonment and hefty fines. The most common charges include unauthorized access to computer systems, possession of hacking tools, and the illicit handling of personal data.

The Computer Misuse Act enforces strict measures against cybercrime, with penalties ranging from fines of up to $10,000 to imprisonment for up to three years, or both. The Singaporean man, charged with abetting these crimes, faces similar consequences under the same law.


