Singapore attributes cyberattacks to China-linked group
Minister issues rare condemnation of cyberattacks.

Singapore's critical infrastructure is under cyberattack by APT attackers, says Minister Shanmugam. What's an APT and why does it matter?
What's happening?
According to a Straits Times report yesterday, the authorities are dealing with an ongoing attack on Singapore's CII by a cyber espionage group.
The attacks are blamed on UNC3886, a state-sponsored group that seeks to gain unauthorised access using:
- Custom malware.
- Zero-day exploits.
- Vulnerabilities.
English, please
Let's decipher these one at a time. CII stands for critical information infrastructure, which in Singapore is defined as systems that support essential services.
Some examples:
- Energy.
- Water.
- Finance.
- Healthcare.
- Transport (Land, sea, air).
- Data Centres (Soon).
... and more
In cybersecurity, custom malware is malicious software that's engineered to attack specific systems. Zero-day exploits are novel attacks designed to exploit system vulnerabilities for which no fix is available yet. By this definition, they always succeed.
The significant R&D required to develop zero-day exploits and write custom malware points to an entity with formidable resources. So, this isn't your typical cyber expert or even a cybercrime group. Think teams of professional hackers and full-time security researchers.
What's the purpose?
From the report, a state-linked group is seeking to break into systems using "APT" techniques. Put simply, the goal is to gain long-term access to highly strategic systems.
Why go to such trouble and expense?
- In today’s highly digitalised and connected world, the ability to steal information or sabotage vital systems can win wars before they even begin.
- Alternatively, targeting strategic systems can shake public confidence, spread fear, or spark social unrest, without firing a single shot.
Indeed, there is a non-zero chance of remotely shutting down or damaging power plants with the right level of access. Take enough power offline, and the grid itself could collapse.
In a nutshell, it's a form of espionage. You don’t discuss it in polite company, but you’d be wise to assume others are doing it.
Impossible to prove
Crucially, unlike in a kinetic war, it is next to impossible to prove who is behind a cyberattack.
Sure, logs could yield clues such as the use of indigenous language, lingo specific to a region, or techniques or tools attributed to a particular group.
But these "clues" could just as easily be planted, so the bar for certainty is necessarily high.
It is hence telling that Minister Shanmugam shared the name of the suspected hacking group. To me, that is a message in itself.