Singapore’s Critical Infrastructure Under Attack By Chinese Cyber Espionage Group

Singapore is currently under cyberattack from a state-sponsored espionage group known as UNC3886, Coordinating Minister for National Security K. Shanmugam confirmed, Samuel Devaraj reported for The Straits Times.

These sophisticated and well-funded attackers are capable of long-term infiltration, spying on sensitive networks, and disrupting essential services. I Photo: Cyber Security Agency of Singapore - CSA Facebook

Speaking at the 10th anniversary of the Cyber Security Agency of Singapore (CSA) held at the Sands Expo and Convention Center, Shanmugam said the nation is facing ongoing threats from state-linked advanced persistent threat (APT) actors.

These sophisticated and well-funded attackers are capable of long-term infiltration, spying on sensitive networks, and disrupting essential services.

“UNC3886 poses a serious threat to us and has the potential to undermine our national security,” said Shanmugam, who also serves as Home Affairs Minister. “Even as we speak, UNC3886 is attacking our critical infrastructure right now.”

While he did not confirm the group's sponsors, cybersecurity experts widely link UNC3886 to China.

Cybersecurity firm Mandiant first detected the group in 2022. It has reportedly targeted high-value organizations globally, including those in defense, telecommunications, and technology sectors.

APT groups like UNC3886 often use custom malware, zero-day exploits, and tools already present on target systems to avoid detection. CSA and other relevant agencies are actively responding to the threat and coordinating with critical infrastructure owners to contain the breach.