logo
Critical infrastructure in Singapore under attack by cyber espionage group: Shanmugam

Critical infrastructure in Singapore under attack by cyber espionage group: Shanmugam

AsiaOne19-07-2025
SINGAPORE - The authorities are dealing with an ongoing attack on Singapore's critical information infrastructure by a state-sponsored cyber espionage group, UNC3886.
Naming the nation's attacker for the first time on Friday (July 18), Coordinating Minister for National Security K. Shanmugam said that Singapore is facing serious threats from state-linked advanced persistent threat (APT) actors.
These are well-resourced attackers that use sophisticated techniques to evade detection. They lurk in networks to spy over the long term, to steal sensitive information or disrupt essential services, among other objectives.
"UNC3886 poses a serious threat to us, and has the potential to undermine our national security," said Mr Shanmugam at the Cyber Security Agency of Singapore's (CSA) 10th anniversary dinner at Sands Expo and Convention Centre.
"Even as we speak, UNC3886 is attacking our critical infrastructure right now."
Mr Shanmugam, who is also Home Affairs Minister, did not disclose UNC3886's sponsors, but experts have said that the group is linked to China.
Cyber-security firm Mandiant first detected the Chinese espionage group in 2022. UNC3886 is said to have targeted prominent strategic organisations - including those in the defence, technology and telecommunication sectors - on a global scale.
APT hackers like UNC3886 gain unauthorised access into networks by employing techniques such as custom malware and tools available on the victim's system to evade detection. Zero-day exploits, which are unpatched vulnerabilities, are also typically used to gain entry to networks.
Mr Shanmugam said CSA and relevant agencies are actively dealing with the attack, and are working with relevant critical information infrastructure owners.
Describing UNC3886 as highly sophisticated and persistent in victim networks, he said: "The intent of this threat actor in attacking Singapore is quite clear. They are going after high-value, strategic targets - vital infrastructure that delivers our essential services.
"If it succeeds, it can conduct espionage, and it can cause major disruption to Singapore and Singaporeans."
Mr Shanmugam said the number of suspected APT attacks in Singapore has increased more than fourfold from 2021 to 2024.
Illustrating how APTs seriously threaten national security, Mr Shanmugam said a cyber attack on Singapore's power system could disrupt its electricity supply, which could have a knock-on effect on other essential services such as healthcare or transport.
"There are also economic implications. Our banks, airport and industries would not be able to operate. Our economy can be substantially affected," he said.
Attacks on Singapore's telco systems and payment systems can have very serious consequences too, he added.
He said attacks on the nation's systems and infrastructure will impact how it does business, with Singapore having to relook its vendors and supply chains.
Trust and confidence in Singapore as a whole can also be affected, he added.
"Businesses may shy away if they are unsure about our systems - whether the systems are clean, resilient, safe," he said.
Mr Shanmugam cited APT attacks in Ukraine that caused a power outage. He also cited a cyber attack on a South Korean telecommunications company in April 2025 that exposed the SIM data of nearly 27 million users and caused widespread concern in the country.
"Singapore has been attacked as well. We are a relevant country geopolitically. We are a digital and data hub that connects the world," he said. "People want to get into our systems, to both influence us and threaten us."
He highlighted some attacks from APT actors in Singapore that have been made public, but where the culprits were not named due to national security reasons.
These include an incident in 2014 when the authorities detected a security breach in the Ministry of Foreign Affairs' technology systems. Steps were taken to isolate the affected devices, and the networks were strengthened following the discovery.
In what was the first sophisticated attack against universities here, NUS and NTU discovered intrusions in their networks in 2017.
No classified data or student personal data was stolen. But the attackers were believed to have targeted the two institutions to steal government and research data. The universities were involved in government-linked projects for the defence, foreign affairs and transport sectors.
Then in 2018, Singapore experienced its worst data breach involving the personal particulars of 1.5 million patients, including then Prime Minister Lee Hsien Loong.
The attacker in the SingHealth breach was said to be persistent in its efforts to penetrate the network, bypass the security measures, and illegally access and exfiltrate data.
The attacker is believed to have lurked in the healthcare group's network for at least nine months. Its mission: to access SingHealth's electronic medical records system, which is critical information infrastructure in Singapore. The unauthorised transfer of sensitive data took place in 2018.
Most recently in 2024, about 2,700 devices in Singapore were discovered to have been infected after CSA took part in a cyber operation against a global botnet.
APT hackers behind the botnet exploited poor cyber hygiene practices to infect devices, including baby monitors and internet routers. No critical information infrastructure was affected by the attack.
Mr Shanmugam said Singapore has been and continues to be attacked by cyber threat actors.
He cited a survey which showed that nearly 80 per cent of organisations in Singapore have experienced some form of cyber attack.
At the event on July 18, CSA chief executive David Koh noted that cyberspace is contested, and that the agency is on the front line of this dynamic domain.
"We will continue to be agile, to adapt to emerging threats, and to demonstrate our collective will and commitment to secure Singapore's cyberspace," he added.
This article was first published in The Straits Times. Permission required for reproduction.
Orange background

Try Our AI Features

Explore what Daily8 AI can do for you:

Comments

No comments yet...

Related Articles

Forum: Preventing radicalisation demands a whole-of-society effort
Forum: Preventing radicalisation demands a whole-of-society effort

Straits Times

timean hour ago

  • Straits Times

Forum: Preventing radicalisation demands a whole-of-society effort

Sign up now: Get ST's newsletters delivered to your inbox I read with interest the article ' Online platforms halve time it takes for Singaporeans to be self-radicalised: ISD ' (July 29). The Internal Security Department's (ISD) latest report revealing that online platforms and chat groups have halved the time it takes for Singaporeans to be self-radicalised is deeply concerning and ought to galvanise a strong, united response from all of us. That some of those radicalised are minors makes this even more urgent. We are witnessing a rapidly evolving terrorism threat. Radicalisation no longer requires face-to-face contact or overseas travel. Today, a smartphone and internet connection are all it takes. In a matter of weeks, individuals, especially youth, can be drawn into echo chambers that glorify violence, justify hatred, and distort religion or ideology. What makes this trend especially insidious is how extremist narratives are packaged in memes, gaming slang, and short-form videos. These messages are not hidden in obscure forums. Rather, they are present on platforms youth use daily: Telegram, Discord, Reddit, YouTube, and even gaming servers and TikTok. ISD's work in early detection and rehabilitation is commendable, but no security agency can act alone. The front line now lies in our homes, classrooms and places of worship. Parents must stay alert to not only distress or delinquency, but also subtle shifts in language and world view. Teachers and counsellors need support to have conversations about identity, belonging, and online influence. Religious and community leaders play a key role in debunking harmful ideologies and offering guidance to those who feel disillusioned or marginalised. Digital literacy must also evolve. It should go beyond spotting fake news to include the ability to question ideological content and reject black-and-white thinking. Our youth must be taught not just how to avoid scams or cyber bullying, but also how to critically navigate a complex and often manipulative online space. The task of preventing radicalisation demands a whole-of-society effort. Just as we rallied together during the pandemic and other national challenges, we must now bring that same vigilance to protecting our young and preserving our social harmony. Irwan Jamil

S-E Asia's transshipments a target as US takes aim at China's supply chains
S-E Asia's transshipments a target as US takes aim at China's supply chains

Straits Times

timean hour ago

  • Straits Times

S-E Asia's transshipments a target as US takes aim at China's supply chains

Sign up now: Get ST's newsletters delivered to your inbox Some analysts believe the ultimate goal of the focus on transshipment is an attempt to reshape South-east Asia's trade dynamics. SINGAPORE - US President Donald Trump is dragging South-east Asian countries deeper into his trade war with China, insisting they crack down harder on Chinese exporters allegedly using them to dodge his tariffs, analysts said. After complaining for years, the Trump administration has finally zeroed in on the region's transshipment trade – a logistics strategy to facilitate the efficient movement of goods through strategically located hubs.

Trump says he thinks US will have a ‘very fair deal' on trade with China
Trump says he thinks US will have a ‘very fair deal' on trade with China

Straits Times

timean hour ago

  • Straits Times

Trump says he thinks US will have a ‘very fair deal' on trade with China

Sign up now: Get ST's newsletters delivered to your inbox China is facing an Aug 12 deadline to reach a durable tariff agreement with Mr Trump's administration. WASHINGTON - US President Donald Trump said on July 30y that talks were moving along with China and he expected the two sides would reach a fair deal on trade. 'We're moving along with China. We're doing fine with China,' Mr Trump told reporters at the White House. 'I think it's going to work out very well. We're right in step. I think we're going to have a very fair deal with China.' US and Chinese officials met in Stockholm on July 28 for more than five hours of talks aimed at resolving economic disputes with a goal of extending their truce on a trade war by three months. China is facing an Aug 12 deadline to reach a durable tariff agreement with Mr Trump's administration, after Beijing and Washington reached preliminary deals in May and June to end escalating tit-for-tat tariffs and a cut-off of rare earth minerals. Mr Trump's administration has agreed trade deals with the European Union, Britain and Japan. It is negotiating with multiple other countries to achieve more. REUTERS Top stories Swipe. Select. Stay informed. Singapore Water supply issues during Toa Payoh blaze affected firefighting operations; SCDF investigating Singapore 3 taken to hospital after fire in Marsiling flat Singapore School, parents on alert after vape peddlers approach primary school pupil Singapore Tampines, Toa Payoh BTO flats most popular among first-time home buyers in July HDB launch Sport Leon Marchand sets first world record at World Aquatics C'ships in Singapore Singapore Jail, fine for man linked to case involving 3 bank accounts that received over $680m in total Singapore Provision shop owner who raped 11-year-old gets more than 14 years' jail Singapore Escape, discover, connect: Where new memories are made

DOWNLOAD THE APP

Get Started Now: Download the App

Ready to dive into a world of global content with local flavor? Download Daily8 app today from your preferred app store and start exploring.
app-storeplay-store