Follow us on Whatsapp for the latest updates Follow us on Telegram for the latest updates

Shanmugam says cyber espionage group UNC3886 is behind attack, poses ‘a serious threat’

Singapore is currently under attack by a cyber espionage group, said Home Affairs Minister K. Shanmugam.

The attack on our critical infrastructure is going on “even as we speak”, he revealed in a speech reported by Channel NewsAsia.

Source: Cyber Security Agency on Facebook

Shanmugam names UNC3886 as behind cyber attack

Mr Shanmugam, who is also Coordinating Minister for National Security, was speaking on Friday (18 July) at the Cyber Security Agency of Singapore’s (CSA) 10th anniversary dinner at the Marina Bay Sands.

He named the attacker as UNC3886, a “highly sophisticated threat actor”.

According to Mandiant, a cybersecurity firm owned by Google, UNC3886 is “a suspected China-nexus cyber espionage actor”.

UNC3886 has targeted prominent strategic organisations on a global scale, and was first detected by Mandiant in September 2022, it said.

UNC3886 poses ‘a serious threat’ to S’pore

Mr Shanmugam said UNC3886 poses “a serious threat” to Singapore and could undermine our national security.

This is because UNC3886 can evade detection and maintain persistent access to networks, making use of advanced tools to compromise systems.

UNC3886 has been associated with cyberattacks against critical areas in the United States and Asia, including defence, telcos and technology organisations.

Source: KeepCoding on Unsplash. Photo for illustration purposes only.

UNC3886 is one of a number of “advanced persistent threats” (APTs) that “typically act on state objectives”, Mr Shanmugam said.

Highly sophisticated and well-resourced, APTs steal sensitive information and disrupt essential services,” he added.

Examples of critical infrastructure that APTs attack are healthcare, telecommunications, water, transport and power.

Cyber attack can cause major disruption to S’pore: Shanmugam

The minister added that its intent in attacking Singapore is “quite clear” — it’s targeting “high-value strategic threat targets” and vital infrastructure for essential services.

He also warned:

If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans.

Source: Cyber Security Agency on Facebook

Further details of the attack cannot be disclosed at this point as it is not in Singapore’s security interests.

CSA has been investigating UNC3886

CSA has said in a statement that it was leading investigations into UNC3886 and has been investigating its activities since it was detected in parts of Singapore’s critical infrastructure.

The agency is also monitoring all critical sectors, namely:

Energy

Water

Banking and finance

Healthcare

Transport

Government

Information and communications

Media

Security and emergency services

CSA and the relevant agencies and partners are supporting the affected organisations, sharing threat intelligence so preventive measures can be taken, it added, noting:

These attacks are often protracted campaigns and CSA will need to preserve operational security by not disclosing further information at this stage

Also read: Attack On S’pore Hospitals & Polyclinics’ Servers Caused Internet Disruption, No Patient Data Affected: IT Provider

Attack On S’pore Hospitals & Polyclinics’ Servers Caused Internet Disruption, No Patient Data Affected: IT Provider

Have news you must share? Get in touch with us via email at news@mustsharenews.com.