Singapore is under a “serious” cyberattack targeting critical infrastructure, said K. Shanmugam, the country’s coordinating minister for national security. The attack is ongoing and attributed to UNC3886, a group tied to advanced persistent threats (APTs), Shanmugam revealed in a Friday speech.

“This is serious and ongoing,” he said. “It has been identified to be UNC3886.”

Shanmugam, who also serves as the home affairs minister, did not name the group’s sponsors. However, cybersecurity firm Mandiant, owned by Google, has linked UNC3886 to Chinese cyber espionage.

“Even as we speak, UNC3886 is attacking our critical infrastructure,” Shanmugam added. Singapore’s Cyber Security Agency (CSA) and other authorities are actively managing the threat. APTs are well-funded and skilled actors that typically target key systems like healthcare, water, transport, and power.

“If it succeeds, it can conduct espionage and cause major disruption to Singapore and Singaporeans,” Shanmugam warned.

He noted that a successful breach of Singapore’s power grid could interrupt electricity and impact other services like healthcare and transport. “There are also economic implications,” he stated. “Banks, airports, and industries would not be able to operate. Our economy can be substantially affected.”

Between 2021 and 2024, suspected APT attacks on Singapore increased more than fourfold, according to officials. In 2018, a cyber breach of a public healthcare cluster exposed medical records of 160,000 patients, including then-Prime Minister Lee Hsien Loong.

Cybersecurity experts say the ongoing attack underscores the growing threat from APT groups. Satnam Narang, senior staff research engineer at U.S.-based cybersecurity firm Tenable, said, “The attack highlights the extraordinary challenges posed by APT actors.” Combating such stealthy opponents is becoming more difficult, as IT infrastructure grows more complex and widespread, he said.