Chinese Embassy rebukes Singapore media for linking cyber group UNC3886 to China
The Chinese Embassy in Singapore has voiced strong dissatisfaction with local media reports associating cyber espionage group UNC3886 with China, following comments made by Minister K Shanmugam. The embassy accused media outlets of repeating unverified claims from foreign cybersecurity firms and reiterated China’s stance against hacking activities.
- Chinese Embassy rejects reports linking UNC3886 to China, calling them baseless.
- Embassy responds after Minister K Shanmugam cited Google-owned Mandiant’s assessment of the group as China-linked.
- China asserts it is a major victim of cyberattacks and urges global cooperation on cybersecurity.
SINGAPORE: The Chinese Embassy in Singapore has expressed strong dissatisfaction with local media reports that linked cyber espionage group UNC3886 to China, following recent remarks by a senior Singaporean minister.
In a pair of Facebook posts issued on 19 July 2025, the embassy criticised media coverage that referenced comments by Singapore’s Coordinating Minister for National Security, K Shanmugam.
The embassy stated that the media reports—published by The Straits Times, Lianhe Zaobao, and Channel NewsAsia—relied on “so-called information from a certain country’s cybersecurity company” and repeated claims that UNC3886 was associated with China.
The reports stemmed from statements made by Mr Shanmugam during a speech on 18 July at a dinner commemorating the 10th anniversary of the Cyber Security Agency of Singapore (CSA).
In his remarks, Mr Shanmugam identified UNC3886 as a “highly sophisticated threat actor” responsible for targeting Singapore’s critical infrastructure.
He cited cybersecurity firm Mandiant—which is owned by Google—as having assessed UNC3886 as a “China-nexus espionage group” that has globally targeted prominent strategic organisations.
Mr Shanmugam, who also serves as Singapore’s Minister for Home Affairs, said the group posed a serious threat to national security. However, he declined to disclose further operational details, citing security concerns.
In response, the Chinese Embassy described the linkage to China as unfounded. “The Chinese government expresses its strong dissatisfaction with this and opposes any groundless smears and accusations against China,” it said.
The embassy asserted that China is one of the major global victims of cyberattacks, and reiterated its policy of opposing and cracking down on hacking activities in accordance with Chinese law.
“China does not encourage, support or condone hacking activities,” it said, adding that maintaining cyberspace security is a global challenge requiring collective international cooperation.
To support its claim of being a cyberattack target, the embassy cited multiple incidents involving Chinese institutions and infrastructure.
It noted that between 26 January and 14 February 2025, information systems used during the 9th Asian Winter Games in China were subjected to more than 270,000 cyberattacks from abroad.
It further stated that in 2024, China’s 360 Security Technology Inc detected more than 1,300 advanced persistent threat (APT) attacks on Chinese networks. These attacks reportedly originated from South Asia, Southeast Asia, East Asia, and North America.
Key Chinese sectors affected included government institutions, education, scientific research, defence, and transportation.
The embassy also referenced the cyberattack on Northwestern Polytechnical University in April 2022, during which over 40 specialised cyber weapons were used to launch hundreds of thousands of attacks aimed at extracting core technical data.
“Countries must come together and respond with joint efforts” to address cybersecurity challenges, the embassy said.
