Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks

Singapore’s critical infrastructure is being targeted by a Chinese espionage hacking group, a senior official said Friday. 

In a speech, Singapore’s Coordinating Minister for National Security K. Shanmugam highlighted the activity of UNC3886, an espionage group that has previously targeted routers and network security devices to infiltrate critical entities. 

“The intent of this threat actor in attacking Singapore is quite clear,” Shanmugan said. “It is going after high value strategic threat targets, vital infrastructure that deliver essential services.”

Shanmugan did not disclose details of UNC3886’s activity but said “it is serious and it’s ongoing… and we will assess whether it is in our interest to disclose more details later.” 

“UNC3886 poses a serious threat to us and has the potential to undermine our national security,” he said. “Even as we speak, [the group] is attacking our critical infrastructure right now.“

Researchers at the Google-owned cybersecurity firm Mandiant recently attributed a campaign to deploy custom backdoors on Juniper Networks routers to UNC3886. 

The hackers “seem to be focused mainly on defense, technology, and telecommunication organizations located in the US and Asia,” Mandiant wrote, and “prioritize[s] stealth in its operations … indicating a focus on long-term persistence, while minimizing the risk of detection.” 

The group has also been seen targeting Fortinet and VMware network devices. 

Singapore has grappled with Chinese advanced persistent threat groups, which frequently target countries in Beijing’s orbit. The Chinese state hacking group Volt Typhoon is believed to have breached Singapore’s largest mobile carrier, Singapore Telecommunications Ltd., in the summer of 2024. 

In his speech Friday, Shanmugam warned that the targeting of critical industries has the potential to create cascading impacts.  

“Attacks on our systems and infrastructure will then impact on how we do business, who will be our vendors, and what's in our supply chains,” he said. “All of that will have to be re-looked at, and if we decide that we cannot trust them then we may choose not to use them.”