Active Directory (AD) infrastructure serves as the digital core of an organization, but security operators dangerously ignore this singular security challenge, underestimating its global security risk.

About 1.5 million personal records of Singapore’s citizens plus hundreds of thousands of patient prescription details – including the Prime Minister’s – were accessed by an unknown criminal who targeted the AD infrastructure of SingHealth to gain full control over all its IT resources and use AD as a transport for destructive malware.

SingHealth routinely conducted technical audits without fully applying the recommended remediations, and the audit methods used in threat anticipation did not translate into strengthening of the infrastructure, making detection mechanisms insufficient.

This case study explains the important lessons from hacking the AD system of the largest group of healthcare institutions in Singapore and what you can do to prevent this incident from happening to your organization.