Hackers broke into IT systems in two of Singapore’s largest universities looking to steal government and research data, according to the Cyber Security Agency of Singapore.

The attacks on the National University of Singapore and the Nanyang Technological University were detected in April. They were Advanced Persistent Threats, where a hacker breaks into a network and remains there undetected for a long period of time with the intent of stealing data.

CSA has not revealed what data has been stolen, but in a statement said that the attacks are “carefully planned and are not the work of casual hackers. The objective may be to steal information related to government or research”.

The universities’ systems are separate from government ones, so the extent of the attacks “appear to be limited”, it added. “There is no evidence that information or data related to students was being targeted” and “no sign of suspicious activity” on critical infrastructure and government networks.

“We know who did it, and we know what they were after. But I cannot reveal this for operational security reasons,” Chief Executive David Koh told a press conference.

The agency is working with NTU and NUS to conduct forensic analysis of the nature and extent of the attack. “At both NTU and NUS, affected desktop computers and workstations were quickly isolated, removed and replaced,” CSA said.

These hacks are separate from the global ransomware attacks that took place over the weekend. No Singaporean government agencies or critical infrastructure were affected by those, CSA said. A shopping mall, however, was attacked.