Latest news with #criticalinfrastructure
South China Morning Post
a day ago
- Business
- South China Morning Post
Why did Singapore name cyberthreat group UNC3886 and is it linked to China?
Singapore has made a rare move to identify the UNC3886 cyberthreat group that it says is attacking local critical infrastructure. UNC3886 has been identified by Google-owned cybersecurity firm Mandiant as a China-linked cyber espionage group, although Beijing's embassy in Singapore has vehemently rejected the claim. Singapore's Coordinating Minister for National Security K Shanmugam said during a speech at the 10th anniversary of the Cyber Security Agency last Friday that from 2021 to last year, suspected advanced persistent threats against Singapore had increased more than fourfold. These threats often carried out state objectives, the minister noted. Shanmugam, who is also home affairs minister, said one advanced persistent threat group Singapore was facing was UNC3886, which the industry had associated with cyberattacks against critical areas such as defence, telecommunications and technology organisations in the United States and Asia. 'The intent of this threat actor in attacking Singapore is quite clear. They are going after high value, strategic targets. Vital infrastructure that delivers our essential services. If it succeeds, it can conduct espionage, and it can cause major disruption to Singapore and Singaporeans,' he said, without naming the suspected country linked to UNC3886. Less than a day after his speech, the minister posted that lottery numbers for 3886 in Singapore had been sold out. 'I said Singaporeans need to know that UNC3886 is attacking us in cyberspace. And that it's very serious. One reaction: No 3886 has been sold out for 4D today,' he wrote on social media.
Yahoo
3 days ago
- Politics
- Yahoo
Singapore military helps battle cyberattack: minister
Units in Singapore's military have been called in to help combat a cyberattack against critical infrastructure, the country's defence minister said Saturday -- a hack attempt attributed to an espionage group experts have linked to China. Defence Minister Chan Chun Sing said these select units will work with the Cyber Security Agency (CSA) in a united government response to the threat, local media reported. Chan described the cyberattack as "one example of the emerging threats" that the military has to handle, the reports said. There have been no reported breaches so far. Coordinating Minister for National Security K. Shanmugam first disclosed the attack late Friday, describing it as a type of Advanced Persistent Threat (APT) that poses a serious danger to the city-state. An APT refers to a cyberattack in which an intruder establishes and maintains unauthorised access to a target, remaining undetected for a sustained period of time. "I can say that it is serious and it is ongoing. And it has been identified to be UNC3886," Shanmugam said, referring to the alleged attackers. Shanmugam, who is also home affairs minister, did not elaborate in his speech on the group's sponsors or the origin of the attack. But Google-owned cybersecurity firm Mandiant described UNC3886 as a "highly adept China-nexus cyber espionage group". APT actors typically steal sensitive information and disrupt essential services, such as healthcare, telecoms, water, transport and power, Shanmugam said. "If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans," he added. - 'Stealthy opponents' - A successful breach of Singapore's power system, for example, could wreak havoc with the electricity supply, with knock-on effects on essential services, such as healthcare and transport. "There are also economic implications. Our banks, airports and industries would not be able to operate. Our economy can be substantially affected," Shanmugam said. Between 2021 and 2024, suspected APTs against Singapore increased more than fourfold. A cyber breach of a public healthcare cluster in 2018 accessed the medication records of about 160,000 patients, including then prime minister Lee Hsien Loong. Beijing's embassy in Singapore on Saturday expressed "strong dissatisfaction" with media reports linking UNC3886 to China. In a statement, the embassy said it "firmly opposes any unwarranted smearing of China" and that "in fact, China is one of the main victims of cyberattacks". The statement added: "China firmly opposes and cracks down on all forms of cyberattacks in accordance with the law. China does not encourage, support, or condone hacking activities." Asked by reporters Saturday about the link between UNC3886 and China, The Straits Times newspaper quoted Shanmugam as saying: "As far as the Singapore government is concerned, we can say we are confident that it is this particular organisation. Who they are linked to, and how they operate, is not something I want to go into." Information Minister Josephine Teo said in a Facebook post Saturday that the alleged attacker was publicly named because it was "important for Singaporeans to know where the attack is coming from and what the potential consequences will be". The attack on Singapore's critical infrastructure "highlights the extraordinary challenges posed by APT actors," said Satnam Narang, senior staff research engineer at US-based cybersecurity firm Tenable. "Combating such stealthy opponents is becoming increasingly demanding as the scale and complexity of IT infrastructure that organisations and nations must defend continues to grow," he said. mba/sst
France 24
3 days ago
- Business
- France 24
Singapore facing 'serious' cyberattack by espionage group with alleged China ties
Singapore is dealing with a "serious" cyberattack against its critical infrastructure by a highly sophisticated entity linked by industry experts to China, the country's coordinating minister for national security said. The attack, part of a sophisticated level of cyber hacks called advanced persistent threats (APTs), poses a serious danger to Singapore and could undermine national security, K. Shanmugam disclosed in a speech late on Friday. "I can say that it is serious and it is ongoing. And it has been identified to be UNC3886," said Shanmugam, who is also the home affairs minister. Shanmugam did not disclose the group's sponsors, but UNC3886 has been pinpointed by Mandiant, a cybersecurity firm owned by Google, as a China-linked cyber espionage group involved in global attacks. "Even as we speak, UNC3886 is attacking our critical infrastructure right now," he said, adding that Singapore's Cyber Security Agency (CSA) and relevant authorities were dealing with the problem. APTs are highly sophisticated and well-resourced actors that typically steal sensitive information and disrupt essential services such as healthcare, telecom, water, transport and power, Shanmugam said. "If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans," Shanmugam warned. A successful breach of Singapore's power system, for example, could disrupt electricity supply and have knock-on effects on essential services such as healthcare and transport. "There are also economic implications. Our banks, airports and industries would not be able to operate. Our economy can be substantially affected," he said. He said that between 2021 and 2024, suspected APTs against Singapore increased more than fourfold. A cyber breach on a public healthcare cluster in 2018 accessed the medication records of about 160,000 patients, including then-prime minister Lee Hsien Loong. On Saturday, China's embassy in Singapore expressed "strong dissatisfaction" with media reports linking UNC3886 to China. In a statement, the embassy said it "firmly opposes any unwarranted smearing of China" and that "in fact, China is one of the main victims of cyberattacks". The statement added: "China firmly opposes and cracks down on all forms of cyberattacks in accordance with the law. China does not encourage, support, or condone hacking activities." The attack on Singapore's critical infrastructure "highlights the extraordinary challenges posed by APT actors," said Satnam Narang, senior staff research engineer at US-based cybersecurity firm Tenable. "Combating such stealthy opponents is becoming increasingly demanding as the scale and complexity of IT infrastructure that organisations and nations must defend continues to grow," he said.
CNA
3 days ago
- Politics
- CNA
SAF and MINDEF units part of Singapore's response to ongoing cyberattack: Chan Chun Sing
SINGAPORE: Units in the Singapore Armed Forces (SAF) and Ministry of Defence (MINDEF) have been responding to the ongoing cyberattack by an alleged China-linked threat actor on Singapore's critical infrastructure, said Minister for Defence Chan Chun Sing on Saturday (Jul 19). These select units will work with the Cyber Security Agency of Singapore (CSA) in a whole-of-government effort to manage the incident, he added. Coordinating Minister for National Security K Shanmugam first revealed on Friday that Singapore was actively dealing with the "highly sophisticated' UNC3886 group, which he said posed a serious danger to Singapore and could undermine national security. UNC3886 has been described by Google-owned cybersecurity firm Mandiant as a "China-nexus espionage group" that has targeted prominent strategic organisations on a global scale. On Saturday, Mr Chan was one of three Cabinet ministers to address the attack. Minister for Digital Development and Information Josephine Teo said in a Facebook post that Singaporeans should be aware about the ongoing cyberspace threats the country faces, and that there was "never a perfect time" to disclose such incidents. "We always have to strike a fine balance between maintaining operational security and raising public awareness, especially while live operations are ongoing," she added. "Imagine if threat actors succeeded in taking down any of our critical systems, such as water, power or telco networks. The knock-on effects could be devastating." On the sidelines of a community event in Chong Pang on Saturday, Mr Shanmugam was also asked why the Singapore government decided to name the attackers. He said Singaporeans ought to know where the attack was coming from, and that attackers have been named in the past. "The number of incidents we disclose are far smaller than the actual number of attacks, and we don't disclose because of national security or public interest reasons," he added. "This time round, our assessment was that we can disclose those details. I released very little, very few details ... we have confidence as to who the attacker was. So we thought that that is appropriate to disclose." When asked about UNC3886's alleged links to China and possible retaliation for naming them, Mr Shanmugam, who is also Home Affairs Minister, said this was "speculative". "Who they are linked to and how they operate is not something I want to go into," he said. CHINESE EMBASSY RESPONDS On Saturday, the Chinese embassy in Singapore noted that Singapore media outlets had cited "so-called information from a certain country's cybersecurity company" and claimed UNC3886's link to China. The Chinese government expresses "strong dissatisfaction" over the claim and opposes any "groundless smears and accusations", the embassy said in a statement. "The embassy would like to reiterate that China is firmly against and cracks down (on) all forms of cyberattacks in accordance with law. China does not encourage, support or condone hacking activities," it added. "Keeping the cyberspace safe is a global challenge and China stands ready to work with Singapore and the rest of the world to jointly protect cybersecurity." OPERATIONAL READINESS Mr Chan on Saturday described the cyberattacks as an example of the type of emerging threats that the SAF and MINDEF have had to handle. Speaking to journalists during a visit to Selarang Camp, Mr Chan also addressed the importance of readiness among operationally ready national servicemen (NSmen). Countries can buy machines if they have money, but the "most critical" component of Singapore's defence is the "fighting spirit" of its men, he said. "To see the men being prepared, spend time and effort to maintain their fitness, to maintain their operational currency - that to us is the greatest deterrence that we can have," said the Defence Minister. He pointed to new operational challenges, including the conflicts in Europe and the Middle East, that Singapore is learning lessons from. "Many of these things we would have anticipated prior, and we will be ready. We can't be starting our preparations after we see what people do," said Mr Chan.
Reuters
6 days ago
- Politics
- Reuters
Seven arrest warrants issued in global swoop on suspected Russia-linked hackers
ROME/BERLIN, July 16 (Reuters) - Germany and Spain issued arrest warrants for seven suspected members of a pro-Russian hacking group accused of carrying out cyber attacks against critical infrastructure, arms makers, power companies and public authorities. The warrants resulted from an international operation involving law enforcement and judicial authorities including the U.S., France, Sweden, Italy, the Netherlands and Switzerland, German prosecutors and pan-European police agency Europol said in separate statements on Wednesday. German prosecutors said they had helped to coordinate the swoop on Tuesday in multiple countries in which 24 premises linked to the hacking group - which calls itself NoName057(16) - were searched, including one in Berlin and two in Bavaria in southeastern Germany. Germany issued six arrest warrants, five of them public, and Spain issued another. The NoName group had used the Telegram messaging app to enlist over 4,000 volunteers who made their systems available for swamping critical institutions' servers with so-called distributed denial of service attacks, the German prosecutors said. The premises searched included those linked to volunteers in the Telegram group, they said. In the past years the NoName collective, known for promoting Russian interests, has allegedly carried out successful cyberattacks in Ukraine and on government, infrastructure, banking, health services and telecom websites in European countries that have backed it against Russia. European authorities are increasingly concerned at the scale of the hybrid threats they say emanate from Russia, which is in the third year of its invasion of Western ally Ukraine. Those threats, which have included killings and alleged bomb plots against institutions and cargo aircraft, have largely been attributed to state actors. Russia has denied the accusation. In this case, prosecutors did not specifically link the suspects to the state. "The aim of the attacks on German targets was to garner media attention and thereby influence political and social decision-making in Germany," prosecutors said in the statement. The prosecutors and Europol published names and pictures of five of the people they were seeking, all of them Russian citizens and presumed to be residing in Russia. A further German arrest warrant remains sealed. Prosecutors identified one of the Russian citizens as one of two leading figures in the group it was seeking. Europol said volunteers were recruited through Russian channels, chat groups, social media and messaging apps and that they often invited contacts from gaming and hacking forums. Italian authorities added in a separate statement that sympathisers were given lists of Western targets to hit and provided with the software needed to participate. They added that the organisation - which paid with cryptocurrencies - had a "central line of command and control in the Russian Federation". The group also ran its own botnet - a network of private computers infected with malware and controlled by hackers - of several hundred servers to amplify the impact, they said. Authorities in the Czech Republic, Finland, Lithuania and Poland contributed to the investigation, said Europol, which helped to coordinate it.
