Cyber Incident Victim: Singapore Technologies Engineering Ltd
Date:
Jun 2020
Location:
Singapore
Summary
Maze ransomware operators publicly released stolen data from ST Engineering, a multinational engineering group specializing in aerospace and electronics sectors. The attackers claimed to have exfiltrated approximately 1.5 terabytes of sensitive corporate information, including cyber insurance documents, contractual calculation worksheets, and NASA review guidelines. Cybersecurity firm Cyble independently verified the authenticity of the leaked data, which exemplified the ransomware group's broader strategy of coercing payments by threatening to publish stolen information. This incident aligned with Maze's established pattern of escalating pressure on victims through periodic data disclosures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around June 5, 2020, Maze ransomware operators publicly disclosed a data breach affecting Singapore Technologies Engineering (ST Engineering), a global engineering conglomerate specializing in aerospace, electronics, land systems, and marine sectors. The attackers announced the release of stolen corporate data on their dedicated leak site, claiming exfiltration of approximately 1.5 terabytes of sensitive information. Threat intelligence firm Cyble independently verified the authenticity of the leaked data, which included internal documents such as cyber insurance policies, contractual calculation worksheets, and NASA-related review guidelines. This incident followed Maze's established pattern of double-extortion tactics, wherein the group steals data before encrypting systems and threatens public leaks to pressure victims into paying ransoms. The breach occurred against a backdrop of Maze's escalating activities, including a prior leak of Bank of Costa Rica credit card data with threats to release additional batches weekly.
The compromised data exposed critical operational and legal documentation, potentially impacting ST Engineering's commercial partnerships, regulatory compliance posture, and competitive positioning across its multinational operations spanning over 100 countries. While specific operational disruptions or financial demands were not detailed in available reports, the exposure of cyber insurance documents suggested potential implications for coverage claims and risk management strategies. The inclusion of NASA-related materials indicated potential aerospace sector vulnerabilities, though the exact nature of ST Engineering's involvement with NASA protocols remained unspecified. No public statements from ST Engineering regarding containment measures, forensic investigations, or recovery efforts were documented in the immediate aftermath of the leak announcement. The incident highlighted Maze's continued targeting of high-revenue multinational entities, with ST Engineering's $7.86 billion FY2019 revenue underscoring the economic significance of the victim organization.