CEOs of critical infrastructure briefed on APT risks prior to Jul 18 announcement on UNC3886 attack

CNA, 5 days ago
The Cyber Security Agency had convened CEOs of all critical information infrastructure (CII) for a briefing focusing on risks posed by advanced persistent threats (APTs). It took place before Jul 18, when it was announced that Singapore was under attack by the entity identified as UNC3886. New requirements will be introduced for all CII owners to report incidents suspected to have been caused by APTs. Nicolas Ng with more.

Related Articles

Reporting advanced suspected cyber attacks will provide a defence framework: Shanmugam

Straits Times

2 days ago

(Seated, from left) Minister for Digital Development and Information Josephine Teo and Coordinating Minister for National Security K. Shanmugam touring the exhibits at the Exercise Cyber Star on Aug 1.

SINGAPORE - Mandating that operators of critical systems, such as those that manage energy, water and transportation services, report suspected advanced attacks will provide the necessary framework for Singapore to defend itself, said Coordinating Minister for National Security K. Shanmugam on Aug 1.

Declining to name the country behind the recent advanced persistent threat (APT) attack on Singapore, he urged organisations to have the mentality that there are and will be breaches. 'Accept that, and be prepared to defend,' he said, speaking on the sidelines of a biennial cybersecurity exercise, called Exercise Cyber Star, organised by the Cyber Security Agency of Singapore.

'Tell us immediately the moment you suspect (something). We work with you to try and deal with it,' he added.

Mr Shanmugam's comments came after the authorities revealed in July that Singapore's critical information infrastructure (CII) came under attack from UNC3886, a state-linked advanced persistent threat actor. UNC3886 is one of several APT actors, whose activities have increased more than fourfold from 2021 to 2024, that target Singapore's CII.

In light of increased threats, Singapore has also amended its Cybersecurity Act in 2024 to require CII operators to declare any cyber-security outage, and any attack on their premises or along their supply chain. In particular, operators of critical systems must report suspected APT attacks to CSA, whose oversight will expand to include risks that come from suppliers and cloud services. The amendments are expected to kick in later in 2025.

Declining to name the country behind UNC3886, Mr Shanmugam said: 'We release information that we assess is in the public a specific country is not in our interest at this point of time.' Experts have said that the group is linked to China.

On naming the group, he added: 'In this case, we felt that the situation and the threat of the attack and compromise was serious enough, and we were confident enough to name UNC3886.'

In a statement on July 19 responding to media reports about UNC3886 being linked to Beijing, a spokesperson for the Chinese Embassy in Singapore said: 'China expresses strong dissatisfaction with this, and we resolutely oppose any unwarranted smearing against China.

'In fact, China is one of the main victims of cyber attacks. We reiterate that China resolutely opposes and combats any form of cyber attacks in accordance with the law, and will not encourage, support or condone hacker attacks.'

On Aug 1, Mr Shanmugam also spoke about the need for cybersecurity exercises to be better prepared for attacks, which is why Exercise Cyber Star is important.

The exercise is in its sixth edition, and is the largest to date. It was held over a period of 11 days and involved nearly 500 participants from CSA, owners from Singapore's 11 critical sectors, and the Singapore Armed Forces' Digital and Intelligence Service.

At the event, CII operators were tested on their skills in countering simulated cyber attacks such as those from APT actors. CII operators were also tested on their ability to deal with spillover effects from the attacks that affect the larger business community and society.

'This exercise brings together the different sector leads, critical infrastructure exercise real-life scenarios,' said Mr Shanmugam.

'Imagine millions of people travelling on our subways, and something goes wrong... What's your approach on dealing with the attack? How do you recover from it?' he said, noting that the private sector also needs to have the know-how to better work with the government to contain the damages.

Singapore's 11 CII sectors are aviation, healthcare, land transport, maritime, media, security and emergency services, water, banking and finance, energy, infocomm and government.

UNC3886 is not the first APT attack on Singapore - there was a security breach in the Ministry of Foreign Affairs' technology systems back in 2014, and intrusions in the networks of two local universities in 2017 believed to be aimed at stealing government and research data.

The Republic experienced its worst data breach in 2018, which involved the personal particulars of 1.5 million patients including former Prime Minister Lee Hsien Loong. The attacker in this breach on SingHealth was said to have been persistent in its efforts to access the electronic medical records system, and is believed to have lurked in the healthcare group's network for at least nine months.

Critical information infrastructure owners must report all APT incidents under new rules: Josephine Teo

CNA

5 days ago

SINGAPORE: Owners of Singapore's critical information infrastructure (CII) will soon be required to report any incidents suspected to be caused by advanced persistent threats (APTs). The reports must be made to the Cyber Security Agency of Singapore (CSA), said Minister for Digital Development and Information Josephine Teo at the Operational Technology Cybersecurity Expert Panel (OTCEP) Forum on Tuesday (Jul 29).

The new regulations, to take effect later this year, come as Singapore raises its cyber threat alert level in the face of an ongoing attack, according to Mrs Teo.

Earlier this month, Coordinating Minister for National Security K Shanmugam said Singapore is actively dealing with a "highly sophisticated threat actor" attacking its critical infrastructure. Known as UNC3886, the entity has been described by Google-owned cybersecurity firm Mandiant as a "China-nexus espionage group" that has targeted prominent strategic organisations on a global scale.

'On several occasions in the past, CSA has raised the National Cyber Threat Alert Level (NCTAL). This is to urge everyone to be more alert to cyber threats across Singapore, and especially across all CIIs,' said Mrs Teo. 'Given the UNC3886 attack and heightened APT activity, it should not come as a surprise to anyone that we are currently in a heightened state of alert.'

She shared that the CSA has also convened the CEOs of all CII owners for 'a classified briefing on the threat landscape, focusing particularly on the threat from APTs'. This is all part of efforts to share guidance on the threats and help the CIIs sharpen their readiness response, said Mrs Teo.

She urged the sector not to view the new measures, which flow from last year's Cybersecurity Act amendments to strengthen incident reporting requirements, as a burden. Under the new regulations, CII owners must report the APT incidents verbally within two hours upon suspicion or awareness, followed by a written report within 72 hours, according to CSA.

'If organisations suspect that they have been targeted, they cannot – and should not – confront the attackers on their own,' said Mrs Teo. 'Reporting such detections early allows CSA to help you. It will also help us coordinate an appropriate national response.'

REAL-WORLD CONSEQUENCES

In her speech, Mrs Teo said it is easy to underestimate the importance of basic cyber hygiene, something that has caused many preventable attacks. She said that cybersecurity is often likened to a team sport. However, while sports have rules, referees, and the principle of fair play, the cyber realm is more adversarial.

'Those of us in this room today are indeed, on the same team. We are playing defence. But our opponents do not play by the same rules,' she told attendees at Tuesday's forum. 'And a loss for us could have severe consequences for the people we have been entrusted to take care of.'

Mrs Teo cited cases in Ukraine, Russia and Norway, where critical functions like heating and sewage management were disrupted. In fact, there are more of such attacks taking place worldwide, with the actors driven by various reasons, she said. One is financial gain, while another is for long-term persistence, like in the case of APTs, said Mrs Teo.

APTs deploy advanced tools, evade detection and maintain persistent access in high-value networks, she said. 'APTs are often state-linked, well-resourced and determined. They may conduct espionage for their state sponsor. Their other task may be to develop the capacity to disrupt the services and assets in other states,' said Mrs Teo.

She noted that the ongoing UNC3886 attack on Singapore's critical infrastructure is part of a broader trend, with APT activity detected in Singapore rising over four-fold from 2021 to 2024.

'Until recently, we had not said much about APT activity. Nor had we named any of the groups involved,' said Mrs Teo. However, the Singapore authorities are now doing so for the first time to let the public know that such threats are not imagined, but real, she said. 'We also need everyone to understand that the potential consequences to our economy and society are very serious,' said Mrs Teo.

APTs target critical infrastructure, which provides essential services for the country, and any attack will have serious real-world consequences. 'These 'live' attacks remind us that cybersecurity is not a nice-to-have. It is a must, not just for the IT personnel, but for the CEO and the board,' said Mrs Teo. 'In particular, the owners of CIIs must raise your vigilance, because you provide essential services that Singapore and Singaporeans depend on.'

The CSA will sign a memorandum of collaboration in OT cybersecurity with ST Engineering, to secure access to the latest tools and expertise, and let engineering teams on both sides jointly study and develop solutions in the sector, said Mrs Teo.

In his opening remarks at Tuesday's event, CSA chief executive David Koh said the agency will continue to work closely with local organisations and international partners to share information and take action against any threats.
