Singapore is currently under attack by a cyber espionage group, said Home Affairs Minister K. Shanmugam.
The attack on our critical infrastructure is going on “even as we speak”, he revealed in a speech reported by Channel NewsAsia.
Source: Cyber Security Agency on Facebook
Mr Shanmugam, who is also Coordinating Minister for National Security, was speaking on Friday (18 July) at the Cyber Security Agency of Singapore’s (CSA) 10th anniversary dinner at the Marina Bay Sands.
He named the attacker as UNC3886, a “highly sophisticated threat actor”.
According to Mandiant, a cybersecurity firm owned by Google, UNC3886 is “a suspected China-nexus cyber espionage actor”.
UNC3886 has targeted prominent strategic organisations on a global scale, and was first detected by Mandiant in Sept 2022, it said.
Mr Shanmugam said UNC3886 poses “a serious threat” to Singapore and could undermine our national security.
This is because UNC3886 can evade detection and maintain persistent access to networks, making use of advanced tools to compromise systems.
UNC3886 has been associated with cyberattacks against critical areas in the United States and Asia, including defence, telcos, and technology organisations.
Source: KeepCoding on Unsplash. Photo for illustration purposes only.
UNC3886 is one of a number of “advanced persistent threats” (APTs) that “typically act on state objectives”, Mr Shanmugam said.
Highly sophisticated and well-resourced, APTs steal sensitive information and disrupt essential services,” he added.
Examples of critical infrastructure that APTs attack are healthcare, telecommunications, water, transport, and power.
The minister added that its intent in attacking Singapore is “quite clear” — it’s targeting “high-value strategic threat targets” and vital infrastructure for essential services.
He also warned:
If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans.
Source: Cyber Security Agency on Facebook
Further details of the attack cannot be disclosed at this point as it is not in Singapore’s security interests.
CSA has said in a statement that it was leading investigations into UNC3886 and has been investigating its activities since it was detected in parts of Singapore’s critical infrastructure.
The agency is also monitoring all critical sectors, namely:
CSA and the relevant agencies and partners are supporting the affected organisations, sharing threat intelligence so preventive measures can be taken, it added, noting:
These attacks are often protracted campaigns, and CSA will need to preserve operational security by not disclosing further information at this stage
Have news you must share? Get in touch with us via email at news@mustsharenews.com.
Featured image adapted from Cyber Security Agency on Facebook and KeepCoding on Unsplash. Photo on the right for illustration purposes only.