Six Chinese nationals and a Singaporean have been arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a “global syndicate.”

During raids on Monday, the police arrested six of the men and seized electronic devices with hacking tools installed and ready for carrying out cyberattacks, stolen personally identifiable information (PII), and credentials for servers known to be controlled by known hacker groups.

The operation involved 160 officers of Singapore’s police, intelligence agencies, and internal security department.

“On 9 September 2024, about 160 officers from the Singapore Police Force’s Criminal Investigation Department, Police Intelligence Department, Special Operations Command and the Internal Security Department conducted simultaneous raids at multiple residential locations island-wide,” reads the police’s announcement.

“The operation led to the arrest of the six men who are believed to be linked to a global syndicate which conducts malicious cyber activities.”

A seventh man, a Chinese national, was arrested separately, according to national news sources.

Various electronic devices and $1,394,000 in cash and cryptocurrencies have been seized by the police, and will be examined as part of the ongoing investigations.

The seven individuals arrested in Singapore are:

• 42-year-old Chinese national Sun Jiao – had access credentials for hacker servers, five laptops, six phones, S$24,000 cash, and USD$850,000 in cryptocurrency
• 38-year-old Chinese national Zhang Qingqiao – found in possession of unauthorized personal data, two laptops, three phones, and S$52,000 cash
• 35-year-old Chinese national Huang Qin Zheng – found with hacking tools, two laptops, four phones, and S$2,600 cash
• 32-year-old Chinese national Liu Yuq – police seized specialized software for controlling malware (e.g., PlugX backdoor), three laptops and four phones
• 38-year-old Chinese national Yan Peijian – suspected of buying illegal personal data, had one laptop, nine phones, and S$465,000 in cash
• 34-year-old Singaporean Goh Shi Yong – arrested for subscribing to two Singtel broadband plans for three of the Chinese nationals

PlugX is a remote access trojan (RAT) type of malware that is used as a backdoor on compromised systems. It has been associated with attack campaigns attributed to Chinese threat actors because it was observed since 2008 mostly in cyber espionage activities attributed to Chinese state-sponsored hacking groups.

Among the known Chinese advanced threat actors that leveraged PlugX in cyber operations are APT10 (Stone Panda), APT41 (Winnti), and Mustang Panda.

However, authorities in Singapore have not specified the threat group the men are believed to be associated with.