SINGAPORE: While naming a specific country linked to cyber threat group UNC3886 is not in Singapore’s interest at this point in time, the attack was still serious enough for the government to let the public know about the group, said Coordinating Minister for National Security and Minister for Home Affairs K Shanmugam on Friday (Aug 1).
Speaking to reporters on the side of the Cyber Security Agency of Singapore’s (CSA) Exercise Cyber Star, the national cybersecurity crisis management exercise, Mr Shanmugam said that when it comes to naming any country responsible for a cyber attack, “we always think about it very carefully”.
Responding to a question from CNA on reports tying the group to China, Mr Shanmugam said: “Media coverage (and) industry experts all attribute UNC3886 to some country … Government does not comment on this.
“We release information that we assess is in the public interest. Naming a specific country is not in our interest at this point in time.”
UNC3886 has been described by Google-owned cybersecurity firm Mandiant as a “China-nexus espionage group” that has targeted prominent strategic organisations on a global scale.
Mr Shanmugam had announced on Jul 18 that Singapore is actively dealing with a “highly sophisticated threat actor” that is attacking critical infrastructure, identifying the entity as UNC3886 without disclosing if it was a state-linked actor.
He said the threat actor poses a serious danger to Singapore and could undermine the country’s national security, and added that it was not in Singapore’s security interests to disclose further details of the attack then.
When asked the following day about UNC3886’s alleged links to China and possible retaliation for naming them, Mr Shanmugam, who is also Home Affairs Minister, said this was “speculative”.
“Who they are linked to and how they operate is not something I want to go into,” he said.
Responding to media reports in a Jul 19 Facebook post, the Chinese embassy in Singapore expressed its “strong dissatisfaction” at the claims linking the country to UNC3886, stating that they were “groundless smears and accusations against China”.
“In fact, China is a major victim of cyberattacks,” it wrote.
“The embassy would like to reiterate that China is firmly against and cracks down (on) all forms of cyberattacks in accordance with law. China does not encourage, support or condone hacking activities.”
On Friday, Mr Shanmugam also gave his reasons for disclosing the identity of threat actors like UNC3886.
“We look at the facts of each case (and) the degree of confidence we have before we can name. And when we decide to name the threat actor, we look at whether it is in Singapore’s best interest,” said Mr Shanmugam, who is also the home affairs minister.
In this case, the threat, attack and compromise to Singapore’s infrastructure was “serious enough” and the government was confident enough to name UNC3886 as the perpetrators, he said.
“Here, we said this is serious. They have gotten in. They are compromising a very serious critical infrastructure. Singaporeans ought to know about it, and awareness has got to increase. And because of the seriousness, it is in the public interest for us to disclose,” said Mr Shanmugam.
ATTACKS HAVE HAPPENED ELSEWHERE
Mr Shanmugam was accompanied at Friday’s exercise by Minister for Digital Development and Information Josephine Teo, who is also Minister-in-Charge of Cybersecurity.
Held at the Singapore Institute of Technology in Punggol, the exercise saw teams from critical sector organisations tackle cybersecurity challenges based on key threats, such as advanced persistent threats (APTs) and attacks on critical systems.
APTs are a type of prolonged cyberattack typically carried out by well-resourced threat actors.
