Singapore’s national security minister said the country is actively dealing with a “sophisticated” cyber-attack group backed by the Chinese government that is targeting critical infrastructure.
Speaking at an event to mark the tenth anniversary of the founding of the Cyber Security Agency of Singapore, coordinating minister for national security K Shanmugam identified the attack group as UNC3886.
The group is identified by Google-owned Mandiant as a “China-nexus espionage group” that has targeted prominent strategic organisations around the world.
Critical infrastructure
Singapore’s critical sectors include energy, water, banking and finance, healthcare, transport, government, information and communications, media, and security and emergency services, the CSA said.
The attack group poses a serious threat to Singapore and could undermine national security, said Shanmugam, who is also home affairs minister.
He declined to give further details of the attacks, citing national security interests.
Between 2021 and 2024 attacks suspected to originate from advanced persistent threats, or APTs, increased more than fourfold, he said.
UNC3886 uses advanced tools to compromise systems and is able to evade detection while maintaining persistent access to victim networks, the minister said.
“The intent of this threat actor in attacking Singapore is quite clear. It is going after high-value strategic threat targets, vital infrastructure that deliver essential services,” said Shanmugam.
Espionage
“If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans.”
He said that in addition to critical systems, targets for cyber-attackers now include the entire supply chain and even embedded systems such as home routers, baby monitors and internet-linked home security cameras.
Last year attackers took over more than 2,700 such devices in Singapore for use in a global botnet that could be used to launch attacks on various targets.
China has denied being involved in hacking and says it is the victim of such attacks.