Singapore is grappling with what officials have described as a “serious and ongoing” cyberattack targeting its critical infrastructure, raising concerns over national security and economic stability.
Coordinating Minister for National Security K. Shanmugam confirmed late Friday that the attack has been identified as the work of UNC3886, a sophisticated cyber espionage group that cybersecurity experts have previously linked to China. Shanmugam, who also serves as Home Affairs Minister, stopped short of directly blaming Beijing but warned that the threat was severe.
“This is a serious attack, and it is still ongoing,” Shanmugam said in his speech. “If it succeeds, it can conduct espionage and cause major disruption to Singapore and Singaporeans.”
A Stealthy and Dangerous Threat
The attack has been classified as an Advanced Persistent Threat (APT), a form of cyber intrusion where hackers gain unauthorized access to systems and remain undetected for long periods, often to steal sensitive data or sabotage critical operations.
APT actors typically target essential services such as healthcare, telecommunications, water supply, transportation, and power grids. A successful breach of Singapore’s power system, Shanmugam warned, could cripple electricity distribution, affecting hospitals, public transport, and other crucial services.
“There are also economic implications,” he added. “Our banks, airports, and industries would not be able to operate. Our economy can be substantially affected.”
Cybersecurity firm Mandiant, owned by Google, has described UNC3886 as a “highly adept China-nexus cyber espionage group.”
Growing Cyber Threats to Singapore
The attack underscores the rising cyber risks faced by the city-state. Between 2021 and 2024, suspected APT incidents against Singapore increased more than fourfold, according to government data.
Singapore has experienced significant breaches in the past, including a 2018 hack of its public healthcare system that exposed the medication records of about 160,000 patients, among them then-Prime Minister Lee Hsien Loong.
China Denies Involvement
In response to reports linking UNC3886 to China, Beijing’s embassy in Singapore issued a strongly worded statement on Saturday, expressing “strong dissatisfaction” with what it called “unwarranted smearing.”
“China firmly opposes and cracks down on all forms of cyberattacks in accordance with the law. China does not encourage, support, or condone hacking activities,” the statement read, adding that China is “itself a major victim of cyberattacks.”
Experts Warn of Increasingly Sophisticated Threats
Cybersecurity experts say the attack highlights the growing challenges of defending against advanced state-linked hackers.
“Combating such stealthy opponents is becoming increasingly demanding as the scale and complexity of IT infrastructure that organisations and nations must defend continues to grow,” said Satnam Narang, senior staff research engineer at US-based cybersecurity firm Tenable.
As Singapore works to contain the attack, officials have not disclosed which sectors have been affected or how long the intrusions may have gone undetected. But the warning from Shanmugam makes clear that the stakes are high: a successful cyberespionage campaign could not only compromise sensitive data but also disrupt the daily lives of millions of Singaporeans.
