![Cyberattack, a conceptual illustration. [Barry Downard/DA2/Science Photo Library via AFP]](/gc9/images/2025/07/21/51228-afp__20250219__f0438533__v1__highres__cyberattackconceptualillustration-370_237.webp)
By AFP and Focus |
Singapore and Taiwan are confronting parallel cyber offensives by suspected China-aligned espionage groups, raising fresh concerns over state-backed digital threats targeting critical sectors in the Indo-Pacific.
Singapore announced it was battling a "serious" cyberattack against its critical infrastructure, attributing the hack to an espionage group that experts have linked to China.
'Serious and ongoing' danger
The attack, a kind of Advanced Persistent Threat (APT), poses great danger to the city-state, Coordinating Minister for National Security K. Shanmugam said in a speech on July 18.
An APT refers to a cyberattack where an intruder establishes and maintains unauthorized access to a target, remaining undetected for a sustained period.
"I can say that it is serious and it is ongoing. And it has been identified to be UNC3886," Shanmugam said.
Shanmugam, who is also home affairs minister, did not elaborate on the group's sponsors or the origin of the attack.
But Google-owned cybersecurity firm Mandiant described UNC3886 as a "highly adept China-nexus cyber espionage group."
APT actors typically steal sensitive information and disrupt essential services, such as health care, telecoms, water, transport and power, Shanmugam said.
"If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans," he added.
A breach of Singapore's power system, for example, could wreak havoc with the electricity supply, with knock-on effects on essential services, such as health care and transport.
"There are also economic implications. Our banks, airports and industries would not be able to operate. Our economy can be substantially affected," he said.
Growing threats
Between 2021 and 2024, suspected APTs against Singapore increased more than fourfold.
A cyber breach on a public healthcare cluster in 2018 accessed the medication records of about 160,000 patients, including then-Prime Minister Lee Hsien Loong.
On July 19, China's embassy in Singapore expressed "strong dissatisfaction" with media reports linking UNC3886 to China.
In a statement, the embassy said it "firmly opposes any unwarranted smearing of China" and that "in fact, China is one of the main victims of cyberattacks."
The attack on Singapore's critical infrastructure "highlights the extraordinary challenges posed by APT actors," Satnam Narang, senior staff research engineer at US-based cybersecurity firm Tenable, told AFP.
"Combating such stealthy opponents is becoming increasingly demanding as the scale and complexity of IT [information technology] infrastructure that organizations and nations must defend continues to grow," he said.
Governments in the region have grown more willing to attribute such activity to Chinese state interests, partly driven by a desire to increase public awareness and deterrence, The Straits Times reported July 19.
"It's likely that over the past few years, there have been many instances where governments were aware of Chinese state-sponsored activities targeting their countries and organizations, and they chose not to disclose these," Mark Kelly, a China-focused threat researcher at cybersecurity firm Proofpoint, said in the report.
Taiwan chip espionage
Meanwhile in Taiwan, China-aligned groups have intensified cyber espionage against the island's vital semiconductor industry, which is widely seen as the heart of the global tech supply chain.
Between March and June 2025, Proofpoint researchers observed a surge in phishing attacks targeting Taiwanese semiconductor firms.
The campaigns, attributed to at least three Chinese-linked APT groups, aimed to steal intellectual property and strategic intelligence across the sector, including chip design, manufacturing and supply chains.
Financial analysts who influence semiconductor investment decisions were in the crosshairs too.
Proofpoint's Kelly described the activity as part of a broader intelligence-gathering push likely tied to China's ambition for chip self-sufficiency.
Attackers used employment-themed phishing emails, compromised academic accounts and custom malware like Voldemort to gain and maintain access.
Technical evidence, including the use of Russian virtual private servers and SoftEther virtual private networks, suggested deliberate obfuscation efforts typical of Chinese-affiliated actors.
The campaign comes amid tightening US and Taiwanese export controls aimed at restricting China's access to advanced chip technologies. Proofpoint concluded that Beijing's geopolitical and economic priorities are directly shaping its cyber targets.
Although China has consistently denied any involvement in cyberattacks, the pattern of incidents paints a broader picture of coordinated digital espionage across Asia.
"Given the stakes, ongoing awareness and proactive defense are essential," Kelly said.