K Shanmugam: Singapore to share classified cyber threat intelligence with critical infrastructure sectors
Singapore will deepen cybersecurity cooperation with critical infrastructure sectors by sharing classified threat intelligence and offering stronger support for threat hunting, in a move announced by Coordinating Minister for National Security K. Shanmugam during the Singapore International Cyber Week on 21 October.
- Singapore will, for the first time, share classified cyber threat intelligence with critical infrastructure owners.
- The initiative, announced by Coordinating Minister for National Security K. Shanmugam, aims to counter sophisticated state-linked cyber actors.
- The move follows recent cyber attacks by UNC3886, a group linked by experts to China, though Singapore has refrained from attributing blame.
SINGAPORE: Owners of selected critical infrastructure in Singapore, including those in the energy, telecommunications and finance sectors, will soon receive classified cyber threat intelligence from the Government to help detect and mitigate cyber threats.
The announcement was made by Coordinating Minister for National Security K. Shanmugam on 21 October at the opening of the Singapore International Cyber Week at Marina Bay Sands.
Shanmugam described the move as a “significant shift” in Singapore’s cybersecurity approach, marking a transition from a regulatory framework to a collaborative model.
The aim, he said, is to “level the playing field between defenders and attackers and turn the tide against the threat actors.”
He emphasised that while the Government will increase intelligence sharing and support, organisations must also strengthen resilience and prepare to operate under degraded conditions, as some attacks may still succeed.
According to Shanmugam, cooperation between government agencies and technology partners is essential to “share intelligence, block attacks, and shut down networks used by cyber threat actors.”
Singapore also intends to continue strengthening international collaboration and promoting a rules-based global cyber order, he added, noting that cyber attacks “can come from anywhere in the world and be routed through any number of intermediate nodes.”
The latest initiatives come after authorities detected cyber attacks by the group UNC3886, which had targeted critical infrastructure in Singapore.
Shanmugam reiterated that Singapore has been under regular attack due to its geopolitical position and high level of digital connectivity, making it an “attractive target” for state-linked and organised cyber actors.
He further stated that Singapore will maintain a zero tolerance policy towards cyber attackers and will take enforcement action against those targeting local systems or using Singapore as a base to launch attacks abroad.
In his address, Shanmugam also revealed ongoing efforts by the police and the Internal Security Department (ISD) against a network of six foreign nationals operating from Singapore.
The group allegedly hacked overseas websites to steal personal data, which they later sold for profit. Four individuals have been charged with possessing hacking tools and malware.
The minister noted that “naturally, questions arise as to why they are doing this and whether they are doing this on behalf of who else,” but refrained from offering further speculation.
Cybersecurity firm Mandiant, owned by Google, has described UNC3886 as a “China-nexus espionage group”.
In response, the Chinese Embassy in Singapore issued a statement on 19 July expressing “strong dissatisfaction” with what it termed “groundless smears and accusations against China,” insisting that China itself is a “major victim of cyberattacks.”
When asked about attributing responsibility for such attacks, Shanmugam said in August that the Government would not name any specific country at this time.
He noted, “Media coverage and industry experts all attribute UNC3886 to some country. Government does not comment on this. Naming a specific country is not in our interest at this point in time.”
