Latest news with #CyberSecurityAgency
CNA
29-07-2025
- Business
- CNA
CEOs of critical infrastructure briefed on APT risks prior to Jul 18 announcement on UNC3886 attack
The Cyber Security Agency had convened CEOs of all critical information infrastructure (CII) for a briefing focusing on risks posed by advanced persistent threats (APTs). It took place before Jul 18, when it was announced that Singapore was under attack by by the entity identified as UNC3886. New requirements will be introduced for all CII owners to report incidents suspected to have been caused by APTs. Nicolas Ng with more. The Cyber Security Agency had convened CEOs of all critical information infrastructure (CII) for a briefing focusing on risks posed by advanced persistent threats (APTs). It took place before Jul 18, when it was announced that Singapore was under attack by by the entity identified as UNC3886. New requirements will be introduced for all CII owners to report incidents suspected to have been caused by APTs. Nicolas Ng with more.
Straits Times
29-07-2025
- Business
- Straits Times
Suspected advanced attacks must be reported under Singapore's amended Cybersecurity Act
Find out what's new on ST website and app. Mandatory reporting to Singapore's cyber-security watchdog, Cyber Security Agency, is expected to take effect later in 2025. SINGAPORE - Operators of critical systems such as those that manage Singapore's energy, water and transportation services will soon be required to report suspected advanced persistent threat attacks. Mandatory reporting to Singapore's cyber-security watchdog, Cyber Security Agency, is expected to take effect later in 2025, said Minister for Digital Development and Information Josephine Teo on July 29. The new measure under the amended Cybersecurity Act comes after July 18 's revelation of serious threats from cyber espionage group UNC3886, which experts said is China-linked. It is one of several advanced persistent threat (APT) actors - whose activities have increased more than four-fold from 2021 to 2024 - that target Singapore's critical information infrastructure (CII). 'If organisations suspect that they have been targeted, they cannot and should not confront the attackers on their own,' said Mrs Teo at the 5th annual Operational Technology Cybersecurity Expert Panel forum organised by the Cyber Security Agency of Singapore. 'These requirements will support the early detection of APT activities, and enable CSA to take more timely actions, together with other government agencies, to defend CII owners against the attacks.' APT actors are typically state-sponsored and are well resourced. They use advanced tools to evade detection, lurk in high-value networks and spy over the long term to steal sensitive information or disrupt essential services. Singapore's 11 CII sectors are aviation, healthcare, land transport, maritime, media, security and emergency services, water, banking and finance, energy, infocomm and government. Singapore's Cybersecurity Act was last amended in 2024 to expand CSA's oversight to include risks that come from suppliers and cloud services. In particular, CII operators must declare any cyber-security outage, and attack on their premises or along their supply chain. Soon the mandatory reporting of APT attacks will be included as part of CSA's expanded oversight. The amended Act, its first update since the law came into force in 2018, also require temporary systems set up to support high-profile events - such as vaccines distribution and key international summits - to come under CSA's supervision. Until recently, Singapore had not publicly said much about APT activity, or named any of the groups involved. 'Why are we doing so for the first time?' said Mrs Teo. 'We want the public to know that these threats are not imagined, but real,' she said, adding that the potential consequences to Singapore's economy and society are very serious. She cited the losses some countries suffered in recent years, such as how 600 Ukrainian homes lost heating for two days during the winter in January 2024 after a malware was used to exploit a zero-day vulnerability in Internet-facing routers. Separately, the hacking of a Norwegian dam's systems in April caused seven billion litres of water to be released. While the damage may have been limited in this instance, this could have resulted in more dire consequences such as flooding or disruptions to essential services, said Mrs Teo. 'The owners of CIIs must raise your vigilance, because you provide essential services that Singapore and Singaporeans depend on. The threats you face are no longer simple ransomware attacks. APTs have you in their sights,' said Mrs Teo. Singapore is currently in a heightened state of alert following the UNC3886 attack and increased APT activities. The government is actively working with CII owners to enhance the security of critical systems, said Mrs Teo. She added that CSA has brought together the chief executives of all CII owners for a classified briefing on Singapore's threat landscape. The OTCEP forum is another platform to prepare critical sectors through engagements with tech providers and experts. On July 29, CSA signed a memorandum of collaboration with ST Engineering to jointly study and develop operational technology tools for the critical services sectors. 'A partnership approach will help to ensure a safe and resilient digital future for Singapore,' said Mrs Teo.
The Star
21-07-2025
- Politics
- The Star
Singapore military helps battle cyberattack:, says minister
The Merlion statue in the central business district of Singapore. Chan described the cyberattack as 'one example of the emerging threats' that the military has to handle, the reports said. — Bloomberg SINGAPORE: Units in Singapore's military have been called in to help combat a cyberattack against critical infrastructure, the country's defence minister said on July 19 – a hack attempt attributed to an espionage group experts have linked to China. Defence Minister Chan Chun Sing said these select units will work with the Cyber Security Agency (CSA) in a united government response to the threat, local media reported. Chan described the cyberattack as "one example of the emerging threats" that the military has to handle, the reports said. There have been no reported breaches so far. Coordinating Minister for National Security K. Shanmugam first disclosed the attack late Friday, describing it as a type of Advanced Persistent Threat (APT) that poses a serious danger to the city-state. An APT refers to a cyberattack in which an intruder establishes and maintains unauthorised access to a target, remaining undetected for a sustained period of time. "I can say that it is serious and it is ongoing. And it has been identified to be UNC3886," Shanmugam said, referring to the alleged attackers. Shanmugam, who is also home affairs minister, did not elaborate in his speech on the group's sponsors or the origin of the attack. But Google-owned cybersecurity firm Mandiant described UNC3886 as a "highly adept China-nexus cyber espionage group". APT actors typically steal sensitive information and disrupt essential services, such as healthcare, telecoms, water, transport and power, Shanmugam said. "If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans," he added. 'Stealthy opponents' A successful breach of Singapore's power system, for example, could wreak havoc with the electricity supply, with knock-on effects on essential services, such as healthcare and transport. "There are also economic implications. Our banks, airports and industries would not be able to operate. Our economy can be substantially affected," Shanmugam said. Between 2021 and 2024, suspected APTs against Singapore increased more than fourfold. A cyber breach of a public healthcare cluster in 2018 accessed the medication records of about 160,000 patients, including then prime minister Lee Hsien Loong. Beijing's embassy in Singapore on Saturday expressed "strong dissatisfaction" with media reports linking UNC3886 to China. In a statement, the embassy said it "firmly opposes any unwarranted smearing of China" and that "in fact, China is one of the main victims of cyberattacks". The statement added: "China firmly opposes and cracks down on all forms of cyberattacks in accordance with the law. China does not encourage, support, or condone hacking activities." Asked by reporters Saturday about the link between UNC3886 and China, The Straits Times newspaper quoted Shanmugam as saying: "As far as the Singapore government is concerned, we can say we are confident that it is this particular organisation. Who they are linked to, and how they operate, is not something I want to go into." Information Minister Josephine Teo said in a Facebook post Saturday that the alleged attacker was publicly named because it was "important for Singaporeans to know where the attack is coming from and what the potential consequences will be". The attack on Singapore's critical infrastructure "highlights the extraordinary challenges posed by APT actors," said Satnam Narang, senior staff research engineer at US-based cybersecurity firm Tenable. "Combating such stealthy opponents is becoming increasingly demanding as the scale and complexity of IT infrastructure that organisations and nations must defend continues to grow," he said. – AFP
Express Tribune
20-07-2025
- Politics
- Express Tribune
Singapore military called in to combat cyberattack
Units in Singapore's military have been called in to help combat a cyberattack against critical infrastructure, the country's defence minister said Saturday -- a hack attempt attributed to an espionage group experts have linked to China. Defence Minister Chan Chun Sing said these select units will work with the Cyber Security Agency (CSA) in a united government response to the threat, local media reported. Chan described the cyberattack as "one example of the emerging threats" that the military has to handle, the reports said. There have been no reported breaches so far. Coordinating Minister for National Security K. Shanmugam first disclosed the attack late Friday, describing it as a type of Advanced Persistent Threat (APT) that poses a serious danger to the city-state. An APT refers to a cyberattack in which an intruder establishes and maintains unauthorised access to a target, remaining undetected for a sustained period of time. "I can say that it is serious and it is ongoing. And it has been identified to be UNC3886," Shanmugam said, referring to the alleged attackers. Shanmugam, who is also home affairs minister, did not elaborate in his speech on the group's sponsors or the origin of the attack. But Google-owned cybersecurity firm Mandiant described UNC3886 as a "highly adept China-nexus cyber espionage group". APT actors typically steal sensitive information and disrupt essential services, such as healthcare, telecoms, water, transport and power, Shanmugam said. "If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans," he added.
Int'l Business Times
19-07-2025
- Politics
- Int'l Business Times
Singapore Military Helps Battle Cyberattack: Minister
Units in Singapore's military have been called in to help combat a cyberattack against critical infrastructure, the country's defence minister said Saturday -- a hack attempt attributed to an espionage group experts have linked to China. Defence Minister Chan Chun Sing said these select units will work with the Cyber Security Agency (CSA) in a united government response to the threat, local media reported. Chan described the cyberattack as "one example of the emerging threats" that the military has to handle, the reports said. There have been no reported breaches so far. Coordinating Minister for National Security K. Shanmugam first disclosed the attack late Friday, describing it as a type of Advanced Persistent Threat (APT) that poses a serious danger to the city-state. An APT refers to a cyberattack in which an intruder establishes and maintains unauthorised access to a target, remaining undetected for a sustained period of time. "I can say that it is serious and it is ongoing. And it has been identified to be UNC3886," Shanmugam said, referring to the alleged attackers. Shanmugam, who is also home affairs minister, did not elaborate in his speech on the group's sponsors or the origin of the attack. But Google-owned cybersecurity firm Mandiant described UNC3886 as a "highly adept China-nexus cyber espionage group". APT actors typically steal sensitive information and disrupt essential services, such as healthcare, telecoms, water, transport and power, Shanmugam said. "If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans," he added. A successful breach of Singapore's power system, for example, could wreak havoc with the electricity supply, with knock-on effects on essential services, such as healthcare and transport. "There are also economic implications. Our banks, airports and industries would not be able to operate. Our economy can be substantially affected," Shanmugam said. Between 2021 and 2024, suspected APTs against Singapore increased more than fourfold. A cyber breach of a public healthcare cluster in 2018 accessed the medication records of about 160,000 patients, including then prime minister Lee Hsien Loong. Beijing's embassy in Singapore on Saturday expressed "strong dissatisfaction" with media reports linking UNC3886 to China. In a statement, the embassy said it "firmly opposes any unwarranted smearing of China" and that "in fact, China is one of the main victims of cyberattacks". The statement added: "China firmly opposes and cracks down on all forms of cyberattacks in accordance with the law. China does not encourage, support, or condone hacking activities." Asked by reporters Saturday about the link between UNC3886 and China, The Straits Times newspaper quoted Shanmugam as saying: "As far as the Singapore government is concerned, we can say we are confident that it is this particular organisation. Who they are linked to, and how they operate, is not something I want to go into." Information Minister Josephine Teo said in a Facebook post Saturday that the alleged attacker was publicly named because it was "important for Singaporeans to know where the attack is coming from and what the potential consequences will be". The attack on Singapore's critical infrastructure "highlights the extraordinary challenges posed by APT actors," said Satnam Narang, senior staff research engineer at US-based cybersecurity firm Tenable. "Combating such stealthy opponents is becoming increasingly demanding as the scale and complexity of IT infrastructure that organisations and nations must defend continues to grow," he said.
