Critical infrastructure in S'pore under attack by cyber espionage group: Shanmugam
UNC3886 is said to have targeted prominent strategic organisations on a global scale.
SINGAPORE - The authorities are dealing with an ongoing attack on Singapore's critical information infrastructure by UNC3886, a state-sponsored cyber espionage group.
Naming the nation's attacker for the first time on July 18, Coordinating Minister for National Security K. Shanmugam said that Singapore is facing serious threats from state-linked advanced persistent threat (APT) actors.
These are well-resourced attackers that use sophisticated techniques to evade detection. They lurk in networks to spy over the long term to steal sensitive information or disrupt essential services, among other objectives.
'UNC3886 poses a serious threat to us, and has the potential to undermine our national security,' said Mr Shanmugam at the Cyber Security Agency of Singapore's (CSA) 10th anniversary dinner at Sands Expo and Convention Centre.
'Even as we speak, UNC3886 is attacking our critical infrastructure right now.'
Mr Shanmugam did not disclose UNC3886's sponsors, but experts have said that the group is linked to China.
Cybersecurity firm Mandiant first detected the Chinese espionage group in 2022. UNC3886 is said to have targeted prominent strategic organisations - including those in the defence, technology and telecommunication sectors - on a global scale.
APT hackers like UNC3886 gain unauthorised access into networks by employing techniques such as custom malware and tools available on the victim's system to evade detection. Zero-day exploits, which target unpatched vulnerabilities, are also typically used to gain entry to networks.
Mr Shanmugam said CSA and relevant agencies are actively dealing with the attack, and are working with critical information infrastructure owners.
Describing UNC3886 as highly sophisticated and persistent in victim networks, he said: 'The intent of this threat actor is clear. They are going after high value and strategic targets.'
If successful, APT attacks could cause a disruption to electricity supply, which could have a knock-on effect on other essential services such as healthcare or transport.
Mr Shanmugam said the number of suspected APT attacks in Singapore has increased more than four-fold from 2021 to 2024.
'There are also economic implications. Our banks, airport, and industries would not be able to operate. Our economy can be substantially impacted,' he said.
He cited APT attacks in Ukraine that caused a power outage. He also cited a cyber-attack on a South Korean telecommunications company in April 2025 that exposed the SIM data of nearly 27 million users and caused widespread concern in the country.
'Singapore has been attacked as well. We are a relevant country geopolitically. We are a digital and data hub that connects the world,' he said. 'People want to get into our systems, to both influence us and threaten us.'
He highlighted some attacks from APT actors in Singapore that have been made public, but where the culprits were not named due to national security reasons.
These include an incident in 2014, when the authorities detected a security breach in the Ministry of Foreign Affairs' technology systems. Steps were taken to isolate the affected devices and the networks were strengthened following the discovery.
In what was the first sophisticated attack against universities here, National University of Singapore and the Nanyang Technological University discovered intrusions in their networks in 2017.
No classified data or student personal data was stolen. But the attackers were believed to have targeted the two institutions to steal government and research data. The varsities were involved in government-linked projects for the defence, foreign affairs and transport sectors.
Then in 2018, Singapore experienced its worst data breach involving the personal particulars of 1.5 million patients, including then Prime Minister Lee Hsien Loong.
The attacker in the SingHealth breach was said to be persistent in its efforts to penetrate the network, bypass the security measures and illegally access and exfiltrate data.
The attacker is believed to have lurked in the healthcare group's network for at least nine months. Its mission: to access SingHealth's electronic medical records system, a critical information infrastructure in Singapore. The unauthorised transfer of sensitive data took place in 2018.
Most recently in 2024, about 2,700 devices in Singapore were discovered to have been infected after CSA took part in a cyber operation against a global botnet.
APT hackers behind the botnet exploited poor cyber hygiene practices to infect devices, including baby monitors and internet routers. No critical information infrastructure was affected by the attack.
