Berliner Tageblatt - Singapore military helps battle cyberattack: minister

Defence Minister Chan Chun Sing said these select units will work with the Cyber Security Agency (CSA) in a united government response to the threat, local media reported.

Chan described the cyberattack as "one example of the emerging threats" that the military has to handle, the reports said.

There have been no reported breaches so far.

Coordinating Minister for National Security K. Shanmugam first disclosed the attack late Friday, describing it as a type of Advanced Persistent Threat (APT) that poses a serious danger to the city-state.

An APT refers to a cyberattack in which an intruder establishes and maintains unauthorised access to a target, remaining undetected for a sustained period of time.

"I can say that it is serious and it is ongoing. And it has been identified to be UNC3886," Shanmugam said, referring to the alleged attackers.

Shanmugam, who is also home affairs minister, did not elaborate in his speech on the group's sponsors or the origin of the attack.

But Google-owned cybersecurity firm Mandiant described UNC3886 as a "highly adept China-nexus cyber espionage group".

APT actors typically steal sensitive information and disrupt essential services, such as healthcare, telecoms, water, transport and power, Shanmugam said.

"If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans," he added.

- 'Stealthy opponents' -

A successful breach of Singapore's power system, for example, could wreak havoc with the electricity supply, with knock-on effects on essential services, such as healthcare and transport.

"There are also economic implications. Our banks, airports and industries would not be able to operate. Our economy can be substantially affected," Shanmugam said.

Between 2021 and 2024, suspected APTs against Singapore increased more than fourfold.

A cyber breach of a public healthcare cluster in 2018 accessed the medication records of about 160,000 patients, including then prime minister Lee Hsien Loong.

Beijing's embassy in Singapore on Saturday expressed "strong dissatisfaction" with media reports linking UNC3886 to China.

In a statement, the embassy said it "firmly opposes any unwarranted smearing of China" and that "in fact, China is one of the main victims of cyberattacks".

The statement added: "China firmly opposes and cracks down on all forms of cyberattacks in accordance with the law. China does not encourage, support, or condone hacking activities."

Asked by reporters Saturday about the link between UNC3886 and China, The Straits Times newspaper quoted Shanmugam as saying: "As far as the Singapore government is concerned, we can say we are confident that it is this particular organisation. Who they are linked to, and how they operate, is not something I want to go into."

Information Minister Josephine Teo said in a Facebook post Saturday that the alleged attacker was publicly named because it was "important for Singaporeans to know where the attack is coming from and what the potential consequences will be".

The attack on Singapore's critical infrastructure "highlights the extraordinary challenges posed by APT actors," said Satnam Narang, senior staff research engineer at US-based cybersecurity firm Tenable.

"Combating such stealthy opponents is becoming increasingly demanding as the scale and complexity of IT infrastructure that organisations and nations must defend continues to grow," he said.

H.Seidel--BTB