Singapore's Cyber Defense: UNC3886 Threat Explained
Jul 21, 2025
Our exploration unveils Singapore's proactive cyber defense strategies against sophisticated threats like UNC3886. We delve into the impact of cyber warfare on essential services and national security, with expert insights on mitigation and global dynamics. #Cybersecurity #SingaporeCyber #UNC3886 #CyberAttacks #NationalSecurity #DigitalDefense #CyberThreats #Geopolitics #CyberWarfare #TechNews
0:00
Home Affairs Minister and Coordinating
0:01
Minister for National Security K Shanmugam
0:04
says Singapore must strengthen its cyber
0:07
defenses. He announced that Singapore is
0:09
currently under attack from a
0:10
sophisticated group known as UNC 3886.
0:15
Experts CN spoke to say they have
0:17
observed links between the group and
0:19
China.
0:21
The intent of this threat actor in
0:23
attacking Singapore is quite clear. It
0:27
is going after high value strategic
0:29
threat targets,
0:32
vital infrastructure that deliver
0:34
essential services. If it succeeds, it
0:38
can conduct espionage and it can cause
0:40
major disruption to Singapore and
0:43
Singaporeans.
0:45
UNC 3886
0:49
poses a serious threat to us and has the
0:52
potential to undermine our national
0:54
security.
0:56
Mr. Shanmugam was speaking at the Cyber
0:58
Security Agency's 10th anniversary dinner.
1:01
He adds that authorities will update the
1:03
cyber security act to get more powers to
1:06
deal with threats. This especially
1:08
considering how dangerous state-linked
1:10
groups can be. The cyber security agency
1:13
says in a statement it has been
1:16
investigating UNC 3886 since it was
1:19
detected in critical infrastructure. It
1:22
is working with relevant agencies and
1:24
partners to support affected
1:26
organizations.
1:29
While UNC 3886 has yet to be
1:32
definitively classified by cyber
1:34
security professionals, it could be an
1:36
advanced persistent threat. These are the
1:39
cyber equivalent of a special operations
1:41
unit and they have hit Singapore before.
1:44
Now such groups hit the foreign affairs
1:46
ministry in 2014. The National
1:48
University of Singapore and Nanyang
1:50
Technological University also had the
1:53
networks breached back in 2017.
1:56
Now in 2018, SingHealth systems were
1:59
compromised with the personal information
2:01
of 1.5 million patients stolen.
2:05
Most recently in 2024, some 2,700
2:09
residential devices such as routers and
2:11
cameras were used by a global botnet.
2:14
Now those devices could have been used
2:16
in cyber attacks elsewhere.
2:19
If such threats have hit Singapore
2:21
before, what are they and how are they
2:24
different from other cyber threats
2:25
Singapore faces? Well, Nicholas with a
2:28
download.
2:30
Very broadly speaking, cyber threats can
2:33
come from three groups. The first
2:35
activists, for example, Anonymous. They
2:38
might deface websites or disrupt access
2:40
to web services, even leak data, often
2:43
for a political or social cause.
2:47
The second are cyber criminals and
2:49
ransomware groups. They're often in it
2:51
for the money, like blackmailing you
2:53
with your private information or locking
2:55
your data up and holding it ransom. And
2:57
the third, and what we're talking about
2:59
today, advanced persistent threats or
3:02
APTs. These are often backed by
3:04
governments with big resources and
3:06
advanced tools to match, allowing them
3:08
to stay hidden in computer systems for
3:10
months at a time. They can find
3:12
weaknesses inherent in code that haven't
3:14
been patched yet, even tailor make their
3:16
own tools for infiltration.
3:20
Their objective isn't profit or
3:22
principles, it's power. APTs pursue their
3:25
state's interests to steal secrets,
3:27
sabotage infrastructure, and disrupt
3:29
essential services. That's what makes
3:31
them a national security threat.
3:33
A group that is mission based and is
3:34
well-funded, they can afford to wait. All
3:36
right? If they can't get anything today,
3:38
they can afford to wait to tomorrow for
3:39
months, years even, right? Whereas for
3:41
some other groups who perhaps rely on,
3:44
let's say, uh hacking or ransomware to
3:47
survive, if they're not getting paid
3:49
from what they're doing, then they will
3:51
need to pivot to something else
3:52
immediately.
3:53
Their prime targets are critical
3:55
information infrastructure that's
3:56
defined as any computer systems needed
3:58
for essential services. for example,
4:01
energy, banking, transport, as well as
4:03
security and emergency services. Because
4:05
if these systems go down, life as we
4:08
know it grinds to a halt.
4:11
Like what's happening in the Ukraine
4:13
war. Investigations conducted by NATO
4:16
countries and Australia found that a
4:18
Russian APT group has been targeting
4:20
transport and delivery of foreign aid.
4:22
That group hacked into key
4:24
infrastructure like ports and airports
4:25
in 12 European countries, allowing them
4:28
to track where weapons were being moved
4:30
and target strikes on those shipments.
4:33
As for the specific group that attacked
4:35
Singapore, here's what we know about
4:38
UNC 3886.
4:40
UNC stands for uncategorized. They are
4:43
a group with observed links to China.
4:45
And this is according to cyber security
4:47
firm Mandiant, which has tracked them for
4:49
three years. UNC 3886 target strategic
4:53
assets like critical infrastructure,
4:56
defense contractors and governments
4:58
around the world. They break into these
5:01
systems by finding loopholes in devices
5:03
connected to the internet. Now, these
5:05
vulnerabilities may be unknown and not
5:08
fixed. Imagine like a secret door in
5:11
your house that only a thief knows
5:13
about, allowing them to slip in and out
5:16
without anyone knowing. Once they are
5:18
in, it's easy for the group to steal
5:21
passwords and infiltrate even deeper to
5:24
the point that it is difficult to
5:26
distinguish them from the activity of
5:27
actual employees. And they can stay
5:31
hidden for a long time unnoticed,
5:33
sometimes even more than a year. Now, to
5:36
catch them, Mandiant found changes in
5:38
code that didn't match the original
5:41
software. They also looked for signs of
5:43
unique malware. But that doesn't mean
5:45
the threat is gone. UNC 3886 hides in
5:49
multiple layers of a system. So even if
5:52
you find and remove one, they could
5:54
still be in watching and waiting.
5:58
Now to protect our systems, Mandiant says
6:01
it is important to patch network devices
6:03
as soon as updates are released. They
6:05
add that device activity needs to be
6:07
recorded and monitored more extensively
6:10
so action can be taken once threats are
6:13
identified.
6:14
There is intelligence available on these
6:16
threat actors but this intelligence must
6:18
be applied with the log sources in real
6:21
time so that we are able to spot any
6:23
malicious behavior. These logs must be
6:27
available to hunt in as in if let's say
6:30
there is a new piece of intelligence
6:31
that we now have on their behavior. We
6:34
should be able to go back and look at
6:36
these past logs and look for the traces
6:38
of these uh evidence in the those log
6:42
logs.
6:43
And for more we are now joined by
6:45
Muhammad Faizel, research fellow at the
6:47
regional security architecture program
6:49
at the S. Rajaratnam School of
6:51
International Studies. Mr. Faizel,
6:53
welcome to the program. So first of all,
6:55
you know, Singapore has explicitly named
6:57
a cyber threat group. Uh what do you
6:59
think is the rationale behind this move?
7:01
What has changed in Singapore's uh
7:03
response strategies you think?
7:05
Well, as you can see in the last few
7:08
years, Singapore's landscape has
7:09
changed. We are becoming more
7:11
digitalized. So because of that any
7:14
threat actors if they do conduct
7:16
malicious cyber activities
7:18
the impact will be much greater today
7:19
than it was five six years ago. So this
7:22
requires us to implement more or
7:25
stronger counter measures against them.
7:27
Furthermore, uh I think our country has
7:30
been emphasizing the importance of
7:32
digital defense and if you recall uh
7:34
during the total defense day in
7:36
February, there was an element of cyber
7:38
security in the simulation exercise. So
7:41
I think beyond uh educating the public
7:43
about it, it is also crucial to let them
7:45
know that the threat is real and it's
7:47
not simulated. M and so as you said the
7:50
landscape in Singapore has changed. We
7:51
are also seeing a rise in cyber warfare
7:54
as geopolitical tensions in the world uh
7:57
increase right. So help us understand
8:00
how serious is the cyber threat to
8:01
Singapore today.
8:02
I think what we should be concerned is
8:04
that we do not have tensions with other
8:07
countries but we may be caught in the
8:10
crosshairs. So we all know that uh when
8:12
it comes to global tensions we have
8:14
China on the one side and we have the US
8:17
and their allies on the other side.
8:18
However we Singapore as a country we are
8:21
digitalized we are interconnected with
8:23
all of them. If they both sides conduct
8:26
uh malicious cyber activities against each
8:28
other it can actually affect us because
8:30
we are caught in between. And
8:32
furthermore, we can see in the
8:34
international space now that all the
8:36
major powers are trying to convince
8:38
various countries to align with
8:39
themselves with them to choose a side.
8:42
And I would say that the use of cyber
8:43
tactics is probably one of the ways to
8:45
change our behavior to persuade us to
8:47
align with certain sides.
8:49
So, so what does it mean then when
8:51
countries trade cyber attacks but still
8:53
shake hands in public? I think that is
8:56
the nature of diplomacy which is
8:58
basically requires the balance of
9:00
coercion and cooperation.
9:03
Um in order to change uh the behavior of
9:06
the other the other side the other
9:08
country you need to have tactics that
9:10
use both principles and furthermore even
9:13
when you face a certain threat or coercion
9:15
from one particular state you cannot
9:17
allow that incident to basically define
9:20
the the wider bilater bilateral
9:22
relations between both countries. So
9:25
emerging technologies are growing more
9:27
advanced, more accessible, more
9:29
sophisticated.
9:31
How will they further complicate the
9:32
dynamics of cyber conflict and
9:34
deterrence you think?
9:36
Well, as the world embrace more
9:37
technologies,
9:39
it means that our attack surface or our
9:43
exposure to cyber threats will grow.
9:45
It is inevitable.
9:46
That's one thing. Secondly, the fact
9:49
that the technologies are becoming more
9:50
advanced, it means that the threat
9:52
actors are always on the lookout for new
9:54
tactics that they can use and new
9:57
opportunities to strike. But on the
10:00
defender side, we also have to be on the
10:02
lookout or search for new ways to defend
10:05
ourself. I would say that is actually a
10:07
marathon uh that never ends. But what
10:10
matters more is that we don't fall out
10:12
from the race. In this marathon that
10:14
never ends, how do you think Singapore
10:16
then should navigate these challenges
10:19
and the evolving risks in the global
10:21
cyber landscape?
10:22
I think what Singapore needs to maintain
10:23
or even do more is actually I would say
10:25
three areas. Deterrence, diplomacy and
10:28
diversification. Deterrence is basically
10:30
to let our people know that we have the
10:33
ability to detect and and block threats
10:35
and to let the threat actors know that
10:38
we can detect them. Diplomacy is
10:39
basically to work with like-minded
10:41
countries, countries with similar
10:42
interests to basically work together to
10:45
ensure that uh everybody out there uh
10:48
behave in a responsible manner in
10:50
cyberspace, sharing information on
10:52
threats among others. Diversification, I
10:54
would say that we need to be able to use
10:56
more than one digital system so that we
10:58
are not held hostage if one system is
11:00
being targeted. And of course, that also
11:02
includes being able to operate in a
11:04
landscape where our digital systems are
11:06
totally disrupted. H how ready do you
11:08
think Singapore is as the landscape
11:10
becomes more complicated you think? I
11:12
don't think Singapore or any country can
11:15
say that they are 100% ready.
11:17
But I believe that by public education
11:20
such as digital defense, by having uh
11:24
good cyber security measures, it keeps
11:26
us on a more uh resilient, more ready to
11:29
face the threats. I would say that the
11:31
threats are there. We face threats every
11:32
day,
11:33
but it is the ability to to to mitigate
11:36
the threats that matter more.
11:38
All right, Mr. Faizel, thank you so much
11:39
for coming in to speak with us tonight.
11:41
Uh that was Muhammad Faizel research
11:43
fellow at the S. Rajaratnam School of
11:45
International Studies.