Critical infrastructure in S'pore under attack by cyber espionage group: Shanmugam
UNC3886 is said to have targeted prominent strategic organisations on a global scale.
SINGAPORE - The authorities are dealing with an ongoing attack on Singapore's critical information infrastructure by a state-sponsored cyber espionage group UNC3886.
Naming the nation's attacker for the first time on July 18, Coordinating Minister for National Security K. Shanmugam said that Singapore is facing serious threats from state-linked advanced persistent threat (APT) actors.
These are well-resourced attackers that use sophisticated techniques to evade detection. They lurk in networks to spy over the long term to steal sensitive information or disrupt essential services, among other objectives.
'UNC3886 poses a serious threat to us, and has the potential to undermine our national security,' said Mr Shanmugam at the Cyber Security Agency of Singapore's (CSA) 10th anniversary dinner at Sands Expo and Convention Centre.
'Even as we speak, UNC3886 is attacking our critical infrastructure right now.'
Mr Shanmugam did not disclose UNC3886's sponsors, but experts have said that the group is linked to China.
Cybersecurity firm Mandiant first detected the Chinese espionage group in 2022. UNC3886 is said to have targeted prominent strategic organisations - including those in the defence, technology and telecommunication sectors - on a global scale.
Top stories
Swipe. Select. Stay informed.
Singapore Who is UNC3886, the group that attacked S'pore's critical information infrastructure?
Singapore HSA looking to get anti-vape cyber surveillance tool with AI capabilities
Singapore Alleged Kpod peddler filmed trying to flee raid in Bishan charged with 6 offences
Singapore NTU upholds zero grade for student who used AI in essay; panel found 14 false citations or data
Singapore 30% of aviation jobs could be redesigned due to AI, automation; $200m fund to support workers: CAAS
Singapore Former NUH male nurse faces charges after he allegedly molested man at hospital
Singapore Character counts as much as grades, Desmond Lee tells students
APT hackers like UNC3886 gain unauthorised access into networks by employing techniques such as custom malware and tools available on the victim's system to evade detection. Zero-day exploits, which are unpatched vulnerabilities, are also typically used to gain entry to networks.
Mr Shanmugam said CSA and relevant agencies are actively dealing with the attack, and are working with critical information infrastructure owners.
Describing UNC3886 as highly sophisticated and persistent in victim networks, he said: 'The intent of this threat actor is clear. They are going after high value and strategic targets.'
If successful, APT attacks could cause a disruption to electricity supply, which could have a knock-on effect on other essential services such as healthcare or transport.
Mr Shanmugam said the number of suspected APT attacks in Singapore has increased more than four-fold from 2021 to 2024.
'There are also economic implications. Our banks, airport, and industries would not be able to operate. Our economy can be substantially impacted,' he said.
He cited APT attacks in Ukraine that caused a power outage. He also cited a cyber-attack on a South Korean telecommunications company in April 2025 that exposed the SIM data of nearly 27 million users and caused widespread concern in the country.
'Singapore has been attacked as well. We are a relevant country geopolitically. We are a digital and data hub that connects the world,' he said. 'People want to get into our systems, to both influence us and threaten us.'
He highlighted some attacks from APT actors in Singapore that have been made public, but where the culprits were not named due to national security reasons.
These include an incident in 2014, when the authorities detected a security breach in the Ministry of Foreign Affairs' technology systems. Steps were taken to isolate the affected devices and the networks were strengthened following the discovery.
In what was the first sophisticated attack against universities here, National University of Singapore and the Nanyang Technological University discovered intrusions in their networks in 2017.
No classified data or student personal data was stolen. But the attackers were believed to have targeted the two institutions to steal government and research data. The varsities were involved in government-linked projects for the defence, foreign affairs and transport sectors.
Then in 2018, Singapore experienced its worst data breach
involving the personal particulars of 1.5 million patients , including then Prime Minister Lee Hsien Loong.
The attacker in the SingHealth breach was said to be persistent in its efforts to penetrate the network, bypass the security measures and illegally access and exfiltrate data.
The attacker is believed to have lurked in the healthcare group's network for at least nine months. Its mission: to access SingHealth's electronic medical records system, a critical information infrastructure in Singapore. The unauthorised transfer of sensitive data took place in 2018.
Most recently in 2024, about 2,700 devices in Singapore were discovered to have been infected after CSA took part in a cyber operation against a global botnet.
APT hackers behind the botnet exploited poor cyber hygiene practices to infect devices, including baby monitors and internet routers. No critical information infrastructure was affected by the attack.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
New Paper
6 hours ago
- New Paper
Woman gets sole custody of son, 14, who rejects 'tiger dad'
A senior consultant doctor has been awarded sole custody of her 14-year-old son, who threatened to commit self-harm if he had to live with his "tiger dad". The boy accused his father of forcing him to finish his Chinese homework while in tears, and compelling him to change co-curricular activities in order to get into a prestigious school. The High Court also ruled that the husband, a 52-year-old Australian who is now a permanent resident, should receive 69 per cent of their marital assets while the wife received 31 per cent. The court calculated the couple's assets at $8,673,727, including private homes in Pasir Panjang and Clementi, as well as stocks, savings, and jewelry. Son refused contact with father Shin Min Daily News reported that the couple got married in Feb 2009. The 50-year-old woman works in a hospital, while the man is an ex-investment analyst who retired in 2013. After moving out of the marital home, the woman filed for divorce in 2021, and the two went to court over their marital assets and son. Although the two initially agreed to share custody of their son, the woman demanded sole care and custody of the boy, claiming that father and son had a bad relationship. In July 2022, the court issued a temporary order granting permission for the boy to stay overnight with his father. Upon learning of this, the boy told his principal that he felt pressured and afraid to communicate with his father, saying he would resort to self-harm if he had to live with him. The woman said that as the man insisted on meeting his son, the boy eventually ran away from home. Sold custody awarded to the mother During a recent appearance before a judge, the boy accused his father of being overly focused on his academic performance. He claimed that as a child, his father ignored him while he was crying on his mother's lap and insisted he complete his Chinese tuition. The boy also accused his father of forbidding him from taking part in his floorball co-curricular activity, instead forcing him to take up tennis to improve his chances of getting into his desired secondary school through the direct admission program. Because the son repeatedly said that he did not want to have any contact with his father, the judge awarded the son's custody, care and supervision to his mother. He also ordered the husband to video chat with his son for half an hour every week under the supervision of a counselor for a period of six months. If the relationship between the two progresses, adjustments will be made afterwards.
Straits Times
8 hours ago
- Straits Times
Armed groups attack security force personnel in Syria's Sweida, killing one, state TV reports
Sign up now: Get ST's newsletters delivered to your inbox Armed groups attacked personnel from Syria's internal security forces in Sweida, killing one member and wounding others, and fired shells at several villages in the violence-hit southern province, state-run Ekhbariya TV reported on Sunday. The report cited a security source as saying the armed groups had violated the ceasefire agreed in the predominantly Druze region, where factional bloodshed killed hundreds of people last month. Violence in Sweida erupted on July 13 between tribal fighters and Druze factions. Government forces were sent to quell the fighting, but the bloodshed worsened, and Israel carried out strikes on Syrian troops in the name of the Druze. The Druze are a minority offshoot of Islam with followers in Syria, Lebanon and Israel. Sweida province is predominantly Druze but is also home to Sunni tribes, and the communities have had long-standing tensions over land and other resources. A U.S.-brokered truce ended the fighting, which had raged in Sweida city and surrounding towns for nearly a week. Syria said it would investigate the clashes, setting up a committee to investigate the attacks. The Sweida bloodshed last month was a major test for interim President Ahmed al-Sharaa, after a wave of sectarian violence in March that killed hundreds of Alawite citizens in the coastal region. REUTERS
Straits Times
9 hours ago
- Straits Times
China can buy Nvidia H20 chips again. But it's not all good news
Sign up now: Get ST's newsletters delivered to your inbox The Cyberspace Administration of China on July 31 flagged concerns about possible 'backdoor' security risks associated with the H20 chips, which American chipmaker Nvidia has denied. – Two weeks after Nvidia's chief executive Jensen Huang mounted a charm offensive to court the Chinese market, the American chip giant found itself once again the centre of attention in Beijing – and not in a good way. 'Nvidia, how can I trust you?' So read the headline of a commentary published by the People's Daily, the communist party's mouthpiece, a day after Chinese regulators summoned on July 31 the company's representatives over what they deemed 'serious security issues' related to its chips. The processor in question, known as the H20, was until recently the most advanced chip that Nvidia could sell to China under US restrictions. Washington effectively banned their exports in April amid an escalating trade war, but said in July that it would allow sales to resume. Some US officials touted the easing of export controls as a negotiating chip in ongoing trade talks with Beijing. But this apparent concession, analysts say, is not necessarily all good news for China. 'The reversal of the H20 ban offers short-term relief for China's artificial intelligence (AI) industry,' said Mr Charlie Dai, a vice president and principal analyst at advisory firm Forrester Research. 'On the other hand, it could slow domestic chipset adoption and impact the pace of technology self-reliance (amid) ongoing geopolitical frictions.' A taste for Nvidia China has been advocating the use of homegrown chips by its companies as part of a broader push for self-reliance, including in key technologies such as AI. Top stories Swipe. Select. Stay informed. Singapore LTA, Singapore bus operators reviewing Malaysia's request to start services from JB at 4am Singapore Despite bag checks and warnings, young partygoers continue to vape in clubs in Singapore Singapore President Tharman meets migrant workers who saved driver of car that fell into sinkhole Singapore Now flying solo, Acres CEO Kalaivanan Balakrishnan presses ahead with wildlife rescue efforts Opinion The charm – and drawbacks – of living in a time warp in Singapore Business UMS Integration becomes first SGX company with secondary listing in Malaysia Singapore Ong Beng Seng to plead guilty on Aug 4, more than 2 years after trip to Qatar with Iswaran Business Decoupling to save on tax? You may lose right to property if ties go awry Despite this, many Chinese AI firms – in particular private tech giants – are said to still prefer using Nvidia's H20s to train and run their models, even though the chips are not Nvidia's most powerful. After the US announced a lifting of its export ban, news agency Reuters reported that Chinese companies were scrambling to buy the H20s, citing sources. It also said that Nvidia had placed fresh orders for 300,000 chipsets from its contract manufacturer amid strong Chinese demand. 'The general sense is that Chinese customers, especially Bytedance, Baidu, Tencent and Alibaba, still prefer Nvidia's solutions, whether it's H20 or whatever comes next,' said Mr Ray Wang, research director for semiconductors, supply chain and emerging tech at advisory firm The Futurum Group. Nvidia's edge over its Chinese rivals – which 'continue to improve' – is manifold for now, he explained. Its hardware has larger memory bandwidth, making it better for inference tasks, or the application of trained AI models that makes them useful in the real world. The company also has a stronger software platform with which to program the chips, as well as more capable networking technology to harness the combined performance of hundreds and thousands of processors, Mr Wang said. Importantly, he added, Chinese firms' rivalry with Huawei – seen as the biggest domestic rival to Nvidia on the chip front – also fuels their preference for the American chipmaker. Huawei has a sprawling business empire that boasts not just chipsets, but also extends to cloud computing and AI model development. This puts them in direct competition with the other tech giants. Mr Wang said: 'So if you're Alibaba or Tencent, do you want to source your most important computing resources from Huawei?' The push for self-reliance Nvidia's current advantages notwithstanding, analysts say that China will simultaneously double down on growing its domestic chip ecosystem – a goal that could be helped by regulators' recent scrutiny of the American firm. The Cyberspace Administration of China had on July 31 flagged concerns about possible 'backdoor' security risks associated with the H20 chips, which Nvidia has denied . A People's Daily commentary released on social media the next day sketched out possible 'nightmare' scenarios associated with such risks, such as electric cars suddenly losing power on the highway. It asked the company to provide proof of the chips' security to alleviate users' worries. The regulators' move 'will likely cause Chinese tech firms to temporarily curb adoption (of the H20) due to fears of potential vulnerabilities and regulatory uncertainty, despite strong underlying demand,' said Mr Dai of Forrester Research. He added that even as companies' continued reliance on Nvidia's superior AI capabilities may sustain some purchases of its chips, he expected firms to simultaneously also accelerate shifts towards domestic alternatives. Mr Su Lian Jye, chief analyst at technology research firm Omdia, said that Chinese firms in recent years had already been buying more homegrown chipsets or developing their own amid sharpening geopolitical tensions. These include China's three major telcos, banks, cloud service providers, and various other state-linked companies, he said. Tech giants including Baidu and Alibaba are also developing their own chips. In recent weeks, following news that Nvidia would once again be allowed to ship H20s to China, local firms have spoken up about strengthening support for homegrown chipmakers. On July 25, AI start-up StepFun, a model developer, announced an 'ecosystem innovation alliance' with several domestic chip companies including Huawei, Cambricon, Moore Threads and MetaX, news outlet Caixin reported. The same day, StepFun released a large language model that was developed with the properties of domestic chips in mind, the report also said. Separately, co-founder of cyber-security company Qihoo 360 Zhou Hongyi said on July 23 that his company had turned to procuring domestic chips, and that its recent purchases had all been of Huawei products, news outlet Yicai reported. The company, which has also branched into AI, is on the US' entity list, which restricts access to American technology. Mr Zhou acknowledged that there was a 'gap' between Chinese chips and Nvidia's, but stressed the need to use domestic processors anyway, in comments that were videoed and uploaded to social media. 'If you don't use them, the gap will always be there,' he said. 'The more (you) use them, the more they will improve.'
