Singapore’s critical infrastructure is under siege from UNC3886, a sophisticated China-linked APT group. They have been actively targeting essential services like energy, water, telecommunications, and government systems, exploiting zero-day vulnerabilities in widely used network and virtualization technologies. The group poses a severe risk to national security, potentially causing widespread disruptions if successful.
Source: https://cybersecuritynews.com/unc3886-hackers-exploiting-0-days/
TPRM report: https://www.rankiteo.com/company/cyber-security-agency-of-singapore-csa-
{
  "id": "cyb745072825",
  "linkid": "cyber-security-agency-of-singapore-csa-",
  "type": "Cyber Attack",
  "date": "7/2025",
  "severity": "100",
  "impact": "6",
  "explanation": "Attack threatening the economy of geographical region"
}
{'affected_entities': [{'industry': ['Energy',
                                     'Water',
                                     'Telecommunications',
                                     'Government'],
                        'location': 'Singapore',
                        'name': "Singapore's Critical Infrastructure",
                        'type': 'Government and Essential Services'}],
 'attack_vector': ['Zero-day vulnerabilities',
                   'Custom malware',
                   'Living-off-the-land tactics',
                   'Rootkits'],
 'date_detected': '2022',
 'date_publicly_disclosed': '2025-07-18',
 'description': 'Singapore’s critical infrastructure is under siege from '
                'UNC3886, a sophisticated China-linked advanced persistent '
                'threat (APT) group. As of July 2025, the group has been '
                'actively targeting essential services like energy, water, '
                'telecommunications, and government systems, prompting urgent '
                'warnings from officials.',
 'impact': {'operational_impact': 'Potential widespread disruptions',
            'systems_affected': ['VMware vCenter/ESXi',
                                 'Fortinet FortiOS',
                                 'Juniper Junos OS']},
 'initial_access_broker': {'backdoors_established': ['TinyShell',
                                                     'RifleSpine',
                                                     'CastleTap'],
                           'entry_point': 'Zero-day vulnerabilities',
                           'high_value_targets': ['Defense',
                                                  'Technology',
                                                  'Telecommunications',
                                                  'Utilities']},
 'investigation_status': 'Under investigation by CSA',
 'motivation': 'Cyber espionage, national security disruption',
 'references': [{'source': 'Trend Micro report'}],
 'threat_actor': 'UNC3886',
 'title': "UNC3886 Targeting Singapore's Critical Infrastructure",
 'type': 'Advanced Persistent Threat (APT)',
 'vulnerability_exploited': ['CVE-2023-34048',
                             'CVE-2022-41328',
                             'CVE-2022-22948',
                             'CVE-2023-20867',
                             'CVE-2022-42475',
                             'CVE-2025-21590']}