
Latest news with #CyberSecurityAgencyofSingapore

Critical infrastructure in Singapore under attack by cyber espionage group: Shanmugam, Singapore News

AsiaOne

5 days ago

SINGAPORE - The authorities are dealing with an ongoing attack on Singapore's critical information infrastructure by a state-sponsored cyber espionage group, UNC3886. Naming the nation's attacker for the first time on Friday (July 18), Coordinating Minister for National Security K. Shanmugam said that Singapore is facing serious threats from state-linked advanced persistent threat (APT) actors. These are well-resourced attackers that use sophisticated techniques to evade detection. They lurk in networks to spy over the long term, to steal sensitive information or disrupt essential services, among other objectives. "UNC3886 poses a serious threat to us, and has the potential to undermine our national security," said Mr Shanmugam at the Cyber Security Agency of Singapore's (CSA) 10th anniversary dinner at Sands Expo and Convention Centre. "Even as we speak, UNC3886 is attacking our critical infrastructure right now." Mr Shanmugam, who is also Home Affairs Minister, did not disclose UNC3886's sponsors, but experts have said that the group is linked to China. Cyber-security firm Mandiant first detected the Chinese espionage group in 2022. UNC3886 is said to have targeted prominent strategic organisations - including those in the defence, technology and telecommunication sectors - on a global scale. APT hackers like UNC3886 gain unauthorised access into networks by employing techniques such as custom malware and tools available on the victim's system to evade detection. Zero-day exploits, which are unpatched vulnerabilities, are also typically used to gain entry to networks. Mr Shanmugam said CSA and relevant agencies are actively dealing with the attack, and are working with relevant critical information infrastructure owners. Describing UNC3886 as highly sophisticated and persistent in victim networks, he said: "The intent of this threat actor in attacking Singapore is quite clear. 
They are going after high-value, strategic targets - vital infrastructure that delivers our essential services. "If it succeeds, it can conduct espionage, and it can cause major disruption to Singapore and Singaporeans." Mr Shanmugam said the number of suspected APT attacks in Singapore has increased more than fourfold from 2021 to 2024. Illustrating how APTs seriously threaten national security, Mr Shanmugam said a cyber attack on Singapore's power system could disrupt its electricity supply, which could have a knock-on effect on other essential services such as healthcare or transport. "There are also economic implications. Our banks, airport and industries would not be able to operate. Our economy can be substantially affected," he said. Attacks on Singapore's telco systems and payment systems can have very serious consequences too, he added. He said attacks on the nation's systems and infrastructure will impact how it does business, with Singapore having to relook its vendors and supply chains. Trust and confidence in Singapore as a whole can also be affected, he added. "Businesses may shy away if they are unsure about our systems - whether the systems are clean, resilient, safe," he said. Mr Shanmugam cited APT attacks in Ukraine that caused a power outage. He also cited a cyber attack on a South Korean telecommunications company in April 2025 that exposed the SIM data of nearly 27 million users and caused widespread concern in the country. "Singapore has been attacked as well. We are a relevant country geopolitically. We are a digital and data hub that connects the world," he said. "People want to get into our systems, to both influence us and threaten us." He highlighted some attacks from APT actors in Singapore that have been made public, but where the culprits were not named due to national security reasons. These include an incident in 2014 when the authorities detected a security breach in the Ministry of Foreign Affairs' technology systems. 
Steps were taken to isolate the affected devices, and the networks were strengthened following the discovery. In what was the first sophisticated attack against universities here, NUS and NTU discovered intrusions in their networks in 2017. No classified data or student personal data was stolen. But the attackers were believed to have targeted the two institutions to steal government and research data. The universities were involved in government-linked projects for the defence, foreign affairs and transport sectors. Then in 2018, Singapore experienced its worst data breach involving the personal particulars of 1.5 million patients, including then Prime Minister Lee Hsien Loong. The attacker in the SingHealth breach was said to be persistent in its efforts to penetrate the network, bypass the security measures, and illegally access and exfiltrate data. The attacker is believed to have lurked in the healthcare group's network for at least nine months. Its mission: to access SingHealth's electronic medical records system, which is critical information infrastructure in Singapore. The unauthorised transfer of sensitive data took place in 2018. Most recently in 2024, about 2,700 devices in Singapore were discovered to have been infected after CSA took part in a cyber operation against a global botnet. APT hackers behind the botnet exploited poor cyber hygiene practices to infect devices, including baby monitors and internet routers. No critical information infrastructure was affected by the attack. Mr Shanmugam said Singapore has been and continues to be attacked by cyber threat actors. He cited a survey which showed that nearly 80 per cent of organisations in Singapore have experienced some form of cyber attack. At the event on July 18, CSA chief executive David Koh noted that cyberspace is contested, and that the agency is on the front line of this dynamic domain. 
"We will continue to be agile, to adapt to emerging threats, and to demonstrate our collective will and commitment to secure Singapore's cyberspace," he added. This article was first published in The Straits Times . Permission required for reproduction.

Critical infrastructure in Singapore under attack by cyber espionage group: Shanmugam

The Star

5 days ago

SINGAPORE: The authorities are dealing with an ongoing attack on Singapore's critical information infrastructure by a state-sponsored cyber espionage group, UNC3886. Naming the nation's attacker for the first time on Friday (July 18), Coordinating Minister for National Security K. Shanmugam said that Singapore is facing serious threats from state-linked advanced persistent threat (APT) actors. These are well-resourced attackers that use sophisticated techniques to evade detection. They lurk in networks to spy over the long term, to steal sensitive information or disrupt essential services, among other objectives. 'UNC3886 poses a serious threat to us, and has the potential to undermine our national security,' said Shanmugam at the Cyber Security Agency of Singapore's (CSA) 10th anniversary dinner at Sands Expo and Convention Centre. 'Even as we speak, UNC3886 is attacking our critical infrastructure right now.' Shanmugam, who is also Home Affairs Minister, did not disclose UNC3886's sponsors, but experts have said that the group is linked to China. Cyber-security firm Mandiant first detected the Chinese espionage group in 2022. UNC3886 is said to have targeted prominent strategic organisations – including those in the defence, technology and telecommunication sectors – on a global scale. APT hackers like UNC3886 gain unauthorised access into networks by employing techniques such as custom malware and tools available on the victim's system to evade detection. Zero-day exploits, which are unpatched vulnerabilities, are also typically used to gain entry to networks. Shanmugam said CSA and relevant agencies are actively dealing with the attack, and are working with relevant critical information infrastructure owners. Describing UNC3886 as highly sophisticated and persistent in victim networks, he said: 'The intent of this threat actor in attacking Singapore is quite clear. 
They are going after high-value, strategic targets – vital infrastructure that delivers our essential services. 'If it succeeds, it can conduct espionage, and it can cause major disruption to Singapore and Singaporeans.' Shanmugam said the number of suspected APT attacks in Singapore has increased more than fourfold from 2021 to 2024. Illustrating how APTs seriously threaten national security, Shanmugam said a cyber attack on Singapore's power system could disrupt its electricity supply, which could have a knock-on effect on other essential services such as healthcare or transport. 'There are also economic implications. Our banks, airport and industries would not be able to operate. Our economy can be substantially affected,' he said. Attacks on Singapore's telco systems and payment systems can have very serious consequences too, he added. He said attacks on the nation's systems and infrastructure will impact how it does business, with Singapore having to relook its vendors and supply chains. Trust and confidence in Singapore as a whole can also be affected, he added. 'Businesses may shy away if they are unsure about our systems – whether the systems are clean, resilient, safe,' he said. Shanmugam cited APT attacks in Ukraine that caused a power outage. He also cited a cyber attack on a South Korean telecommunications company in April 2025 that exposed the SIM data of nearly 27 million users and caused widespread concern in the country. 'Singapore has been attacked as well. We are a relevant country geopolitically. We are a digital and data hub that connects the world,' he said. 'People want to get into our systems, to both influence us and threaten us.' He highlighted some attacks from APT actors in Singapore that have been made public, but where the culprits were not named due to national security reasons. These include an incident in 2014 when the authorities detected a security breach in the Ministry of Foreign Affairs' technology systems. 
Steps were taken to isolate the affected devices, and the networks were strengthened following the discovery. In what was the first sophisticated attack against universities here, NUS and NTU discovered intrusions in their networks in 2017. No classified data or student personal data was stolen. But the attackers were believed to have targeted the two institutions to steal government and research data. The universities were involved in government-linked projects for the defence, foreign affairs and transport sectors. Then in 2018, Singapore experienced its worst data breach involving the personal particulars of 1.5 million patients, including then Prime Minister Lee Hsien Loong. The attacker in the SingHealth breach was said to be persistent in its efforts to penetrate the network, bypass the security measures, and illegally access and exfiltrate data. The attacker is believed to have lurked in the healthcare group's network for at least nine months. Its mission: to access SingHealth's electronic medical records system, which is critical information infrastructure in Singapore. The unauthorised transfer of sensitive data took place in 2018. Most recently in 2024, about 2,700 devices in Singapore were discovered to have been infected after CSA took part in a cyber operation against a global botnet. APT hackers behind the botnet exploited poor cyber hygiene practices to infect devices, including baby monitors and internet routers. No critical information infrastructure was affected by the attack. Shanmugam said Singapore has been and continues to be attacked by cyber threat actors. He cited a survey which showed that nearly 80 per cent of organisations in Singapore have experienced some form of cyber attack. At the event on July 18, CSA chief executive David Koh noted that cyberspace is contested, and that the agency is on the front line of this dynamic domain. 
'We will continue to be agile, to adapt to emerging threats, and to demonstrate our collective will and commitment to secure Singapore's cyberspace,' he added. - The Straits Times/ANN

Critical infrastructure in Singapore under attack by cyber espionage group: Shanmugam

Business Times

6 days ago

[SINGAPORE] The authorities are dealing with an ongoing attack on Singapore's critical information infrastructure by a state-sponsored cyber espionage group UNC3886. Naming the nation's attacker for the first time on Friday (Jul 18), Coordinating Minister for National Security K Shanmugam said that Singapore is facing serious threats from state-linked advanced persistent threat (APT) actors. These are well-resourced attackers that use sophisticated techniques to evade detection. They lurk in networks to spy over the long term to steal sensitive information or disrupt essential services, among other objectives. 'UNC3886 poses a serious threat to us, and has the potential to undermine our national security,' said Shanmugam at the Cyber Security Agency of Singapore's (CSA) 10th anniversary dinner at Sands Expo and Convention Centre. 'Even as we speak, UNC3886 is attacking our critical infrastructure right now.' Shanmugam did not disclose UNC3886's sponsors, but experts have said that the group is linked to China. Cybersecurity firm Mandiant first detected the Chinese espionage group in 2022. UNC3886 is said to have targeted prominent strategic organisations - including those in the defence, technology and telecommunication sectors - on a global scale. APT hackers like UNC3886 gain unauthorised access into networks by employing techniques such as custom malware and tools available on the victim's system to evade detection. Zero-day exploits, which are unpatched vulnerabilities, are also typically used to gain entry to networks. Shanmugam said CSA and relevant agencies are actively dealing with the attack, and are working with critical information infrastructure owners. Describing UNC3886 as highly sophisticated and persistent in victim networks, he said: 'The intent of this threat actor is clear. 
They are going after high value and strategic targets.' If successful, APT attacks could cause a disruption to electricity supply, which could have a knock-on effect on other essential services such as healthcare or transport. Shanmugam said the number of suspected APT attacks in Singapore has increased more than four-fold from 2021 to 2024. 'There are also economic implications. Our banks, airport, and industries would not be able to operate. Our economy can be substantially impacted,' he said. He cited APT attacks in Ukraine that caused a power outage. He also cited a cyber-attack on a South Korean telecommunications company in April 2025 that exposed the SIM data of nearly 27 million users and caused widespread concern in the country. 'Singapore has been attacked as well. We are a relevant country geopolitically. We are a digital and data hub that connects the world,' he said. 'People want to get into our systems, to both influence us and threaten us.' He highlighted some attacks from APT actors in Singapore that have been made public, but where the culprits were not named due to national security reasons. These include an incident in 2014, when the authorities detected a security breach in the Ministry of Foreign Affairs' technology systems. Steps were taken to isolate the affected devices and the networks were strengthened following the discovery. In what was the first sophisticated attack against universities here, National University of Singapore and the Nanyang Technological University discovered intrusions in their networks in 2017. No classified data or student personal data was stolen. But the attackers were believed to have targeted the two institutions to steal government and research data. The varsities were involved in government-linked projects for the defence, foreign affairs and transport sectors. 
Then in 2018, Singapore experienced its worst data breach involving the personal particulars of 1.5 million patients, including then Prime Minister Lee Hsien Loong. The attacker in the SingHealth breach was said to be persistent in its efforts to penetrate the network, bypass the security measures and illegally access and exfiltrate data. The attacker is believed to have lurked in the healthcare group's network for at least nine months. Its mission: to access SingHealth's electronic medical records system, a critical information infrastructure in Singapore. The unauthorised transfer of sensitive data took place in 2018. Most recently in 2024, about 2,700 devices in Singapore were discovered to have been infected after CSA took part in a cyber operation against a global botnet. APT hackers behind the botnet exploited poor cyber hygiene practices to infect devices, including baby monitors and internet routers. No critical information infrastructure was affected by the attack. THE STRAITS TIMES

Don't fall for it: Police say scammers are requesting crypto transfers 'for security'

New Paper

04-07-2025

Cryptocurrency investors, be careful if you receive e-mails or messages asking you to transfer virtual assets through another crypto wallet for security or investigation purposes. The police said on July 3 that there have been at least 31 such reported cases since May. In the scam cases, victims would receive an e-mail or SMS text message from scammers who claim to be from cryptocurrency platforms like Binance and Coinhako. The victims would be told that there are fraudulent activities, such as suspicious logins or withdrawal requests, on their accounts. They would then be asked to contact a customer support hotline to rectify the issues. The hotline number usually began with +65 3159. After calling the hotline, victims would be guided to download the Trust application on their mobile devices to set up a Trust Wallet. In some cases, victims would receive WhatsApp calls from numbers beginning with the prefixes +44, +61 or +66, the country codes for the UK, Australia and Thailand respectively. Through WhatsApp's screen-sharing function, the scammer would guide the victim through setting up the wallet. Victims would then be told to transfer their virtual assets to the new wallet for security purposes, and to reveal their login details. The victims would realise that they had been scammed only when the conmen became uncontactable or asked for more transfers, said the police. Licensed crypto platforms in Singapore will never instruct users to transfer their virtual assets to another crypto wallet or account for security or investigation purposes, the police added. These platforms will also never request users' login details, including recovery phrases. The public should protect themselves from such scammers through actions such as setting lower transaction limits, and lower transaction thresholds that would trigger notifications to the user. 
Those who suspect that they may be a victim of cryptocurrency-related crimes should contact their cryptocurrency exchange to halt further transactions or freeze their account. They should also review and cancel any suspicious token approvals, and report the issue to the police. They should also report fraudulent crypto phishing websites to the Cyber Security Agency of Singapore's SingCERT at singcert@ or via the incident reporting form at
