Singapore says China-linked group UNC3886 targeted its critical infrastructure by hacking routers and security devices.
Singapore accused China-linked APT group UNC3886 of targeting its critical infrastructure. UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits. Its primary focus is on defense, technology, and telecommunications sectors in the US and Asia.
In 2023, the APT group targeted multiple government organizations using the Fortinet zero-day CVE-2022-41328 to deploy custom backdoors.
In March 2025, the group carried out a campaign targeting Juniper Networks’ Junos OS routers, demonstrating a deep knowledge of system internals. UNC3886 prioritizes stealth by using passive backdoors and tampering with logs and forensic artifacts to ensure long-term persistence while evading detection.
Singapore’s Coordinating National Security Minister K. Shanmugam confirmed that the China-nexus group has targeted routers and security devices to infiltrate critical infrastructure in the country.
“UNC3886 poses a serious threat to us and has the potential to undermine our national security,” Coordinating Minister for National Security K. Shanmugam said on July 18. “Even as we speak, UNC3886 is attacking our critical infrastructure right now.”
“The intent of this threat actor in attacking Singapore is quite clear. They are going after high-value, strategic targets – vital infrastructure that delivers our essential services,” he added.
“If it succeeds, it can conduct espionage, and it can cause major disruption to Singapore and Singaporeans.”
According to Shanmugam, UNC3886’s activity is still ongoing and could potentially undermine national security. He added that the government will disclose more details later.
“Attacks on our systems and infrastructure will then impact on how we do business, who will be our vendors, and what’s in our supply chains,” he concluded. “All of that will have to be re-looked at, and if we decide that we cannot trust them then we may choose not to use them.”
China-linked APT groups often target Asian countries, such as Singapore, Japan, South Korea, Hong Kong, and Taiwan.
China-linked APT group Volt Typhoon is believed to have hacked Singapore’s mobile carrier Singapore Telecommunications in 2024.
Pierluigi Paganini
(SecurityAffairs – hacking, Singapore)