SINGAPORE, July 19, 2025 (BSS/AFP) - Singapore announced it was battling a 
"serious" cyberattack against its critical infrastructure, attributing the 
hack to an espionage group that experts have linked to China.

The attack, a kind of Advanced Persistent Threat (APT), poses a serious 
danger to the city-state, Coordinating Minister for National Security K. 
Shanmugam said in a speech late Friday.

An APT refers to a cyberattack where an intruder establishes and maintains 
unauthorised access to a target, remaining undetected for a sustained period 
of time.

"I can say that it is serious and it is ongoing. And it has been identified 
to be UNC3886," he said.

Shanmugam, who is also home affairs minister, did not elaborate on the 
group's sponsors or the origin of the attack.

But Google-owned cybersecurity firm Mandiant described UNC3886 as a "highly 
adept China-nexus cyber espionage group".

APT actors typically steal sensitive information and disrupt essential 
services, such as healthcare, telecoms, water, transport and power, minister 
Shanmugam said.

"If it succeeds, it can conduct espionage and it can cause major disruption 
to Singapore and Singaporeans," he added.

A successful breach of Singapore's power system, for example, could wreak 
havoc with the electricity supply, with knock-on effects on essential 
services, such as healthcare and transport.

"There are also economic implications. Our banks, airports and industries 
would not be able to operate. Our economy can be substantially affected," he 
said.

Between 2021 and 2024, suspected APTs against Singapore increased more than 
fourfold.

A cyber breach on a public healthcare cluster in 2018 accessed the medication 
records of about 160,000 patients, including then-prime minister Lee Hsien 
Loong.

On Saturday, China's embassy in Singapore expressed "strong dissatisfaction" 
with media reports linking UNC3886 to China.

In a statement, the embassy said it "firmly opposes any unwarranted smearing 
of China" and that "in fact, China is one of the main victims of 
cyberattacks".

The statement added: "China firmly opposes and cracks down on all forms of 
cyberattacks in accordance with the law. China does not encourage, support, 
or condone hacking activities."

The attack on Singapore's critical infrastructure "highlights the 
extraordinary challenges posed by APT actors," said Satnam Narang, senior 
staff research engineer at US-based cybersecurity firm Tenable.

"Combating such stealthy opponents is becoming increasingly demanding as the 
scale and complexity of IT infrastructure that organisations and nations must 
defend continues to grow," he said.