
[SINGAPORE] The authorities are dealing with an ongoing attack on Singapore’s critical information infrastructure by a state-sponsored cyber espionage group, UNC3886.
Naming the nation’s attacker for the first time on Friday (Jul 18), Coordinating Minister for National Security K Shanmugam said that Singapore is facing serious threats from state-linked advanced persistent threat (APT) actors.
These are well-resourced attackers that use sophisticated techniques to evade detection. They lurk in networks to spy over the long term to steal sensitive information or disrupt essential services, among other objectives.
“UNC3886 poses a serious threat to us, and has the potential to undermine our national security,” said Shanmugam at the Cyber Security Agency of Singapore’s (CSA) 10th anniversary dinner at Sands Expo and Convention Centre.
“Even as we speak, UNC3886 is attacking our critical infrastructure right now.”
Shanmugam did not disclose UNC3886’s sponsors, but experts have said that the group is linked to China.
Cybersecurity firm Mandiant first detected the Chinese espionage group in 2022. UNC3886 is said to have targeted prominent strategic organisations – including those in the defence, technology and telecommunications sectors – on a global scale.
APT hackers like UNC3886 gain unauthorised access to networks and evade detection by using custom malware and tools already available on the victim’s system. Zero-day exploits, which target vulnerabilities that have not yet been patched, are also typically used to gain entry to networks.
Shanmugam said CSA and relevant agencies are actively dealing with the attack, and are working with critical information infrastructure owners.
Describing UNC3886 as highly sophisticated and persistent in victim networks, he said: “The intent of this threat actor is clear. They are going after high-value and strategic targets.”
If successful, APT attacks could cause a disruption to electricity supply, which could have a knock-on effect on other essential services such as healthcare and transport.
Shanmugam said the number of suspected APT attacks in Singapore has increased more than fourfold from 2021 to 2024.
“There are also economic implications. Our banks, airport, and industries would not be able to operate. Our economy can be substantially impacted,” he said.
He cited APT attacks in Ukraine that caused a power outage. He also cited a cyberattack on a South Korean telecommunications company in April 2025 that exposed the SIM data of nearly 27 million users and caused widespread concern in the country.
“Singapore has been attacked as well. We are a relevant country geopolitically. We are a digital and data hub that connects the world,” he said. “People want to get into our systems, to both influence us and threaten us.”
He highlighted some attacks from APT actors in Singapore that have been made public, but where the culprits were not named due to national security reasons.
These include an incident in 2014, when the authorities detected a security breach in the Ministry of Foreign Affairs’ technology systems. Steps were taken to isolate the affected devices and the networks were strengthened following the discovery.
In what was the first sophisticated attack against universities here, the National University of Singapore and Nanyang Technological University discovered intrusions in their networks in 2017.
No classified data or student personal data was stolen. But the attackers were believed to have targeted the two institutions to steal government and research data. The varsities were involved in government-linked projects for the defence, foreign affairs and transport sectors.
Then in 2018, Singapore experienced its worst data breach involving the personal particulars of 1.5 million patients, including then-prime minister Lee Hsien Loong.
The attacker in the SingHealth breach was said to be persistent in its efforts to penetrate the network, bypass the security measures and illegally access and exfiltrate data.
The attacker is believed to have lurked in the healthcare group’s network for at least nine months. Its mission: to access SingHealth’s electronic medical records system, a critical information infrastructure in Singapore. The unauthorised transfer of sensitive data took place in 2018.
Most recently in 2024, about 2,700 devices in Singapore were discovered to have been infected after CSA took part in a cyber operation against a global botnet.
APT hackers behind the botnet exploited poor cyber hygiene practices to infect devices, including baby monitors and Internet routers. No critical information infrastructure was affected by the attack. THE STRAITS TIMES