Why did Singapore name cyberthreat group UNC3886 and is it linked to China?

South China Morning Post

a day ago

Singapore has made a rare move to identify the UNC3886 cyberthreat group that it says is attacking local critical infrastructure.
UNC3886 has been identified by Google-owned cybersecurity firm Mandiant as a China-linked cyber espionage group, although Beijing's embassy in Singapore has vehemently rejected the claim.
Singapore's Coordinating Minister for National Security K Shanmugam said during a speech at the 10th anniversary of the Cyber Security Agency last Friday that from 2021 to last year, suspected advanced persistent threats against Singapore had increased more than fourfold. These threats often carried out state objectives, the minister noted.
Shanmugam, who is also home affairs minister, said one advanced persistent threat group Singapore was facing was UNC3886, which the industry had associated with cyberattacks against critical areas such as defence, telecommunications and technology organisations in the United States and Asia.
'The intent of this threat actor in attacking Singapore is quite clear. They are going after high value, strategic targets. Vital infrastructure that delivers our essential services. If it succeeds, it can conduct espionage, and it can cause major disruption to Singapore and Singaporeans,' he said, without naming the suspected country linked to UNC3886.
Less than a day after his speech, the minister posted that lottery numbers for 3886 in Singapore had been sold out. 'I said Singaporeans need to know that UNC3886 is attacking us in cyberspace. And that it's very serious. One reaction: No 3886 has been sold out for 4D today,' he wrote on social media.