{
	"id": "2aec973f-52f1-4207-a1b7-1af9ebeffc12",
	"created_at": "2026-04-06T03:36:54.023606Z",
	"updated_at": "2026-04-10T03:34:44.475328Z",
	"deleted_at": null,
	"sha1_hash": "323a57a8dcaaad98b8b9dfc43fc2a9fd5b74908e",
	"title": "Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 851308,
	"plain_text": "Singapore accuses Chinese state-backed hackers of attacking\r\ncritical infrastructure networks\r\nBy James Reddick\r\nPublished: 2025-07-18 · Archived: 2026-04-06 03:17:59 UTC\r\nSingapore’s critical infrastructure is being targeted by a Chinese espionage hacking group, a senior official said\r\nFriday. \r\nIn a speech, Singapore’s Coordinating Minister for National Security K. Shanmugam highlighted the activity of\r\nUNC3886, an espionage group that has previously targeted routers and network security devices to infiltrate\r\ncritical entities. \r\n“The intent of this threat actor in attacking Singapore is quite clear,” Shanmugan said. “It is going after high value\r\nstrategic threat targets, vital infrastructure that deliver essential services.”\r\nShanmugan did not disclose details of UNC3886’s activity but said “it is serious and it’s ongoing… and we will\r\nassess whether it is in our interest to disclose more details later.” \r\n“UNC3886 poses a serious threat to us and has the potential to undermine our national security,” he said. “Even as\r\nwe speak, [the group] is attacking our critical infrastructure right now.“\r\nResearchers at the Google-owned cybersecurity firm Mandiant recently attributed a campaign to deploy custom\r\nbackdoors on Juniper Networks routers to UNC3886. \r\nThe hackers “seem to be focused mainly on defense, technology, and telecommunication organizations located in\r\nthe US and Asia,” Mandiant wrote, and “prioritize[s] stealth in its operations … indicating a focus on long-term\r\npersistence, while minimizing the risk of detection.” \r\nThe group has also been seen targeting Fortinet and VMware network devices. \r\nSingapore has grappled with Chinese advanced persistent threat groups, which frequently target countries in\r\nBeijing’s orbit. The Chinese state hacking group Volt Typhoon is believed to have breached Singapore’s largest\r\nmobile carrier, Singapore Telecommunications Ltd., in the summer of 2024. \r\nIn his speech Friday, Shanmugam warned that the targeting of critical industries has the potential to create\r\ncascading impacts.  \r\n“Attacks on our systems and infrastructure will then impact on how we do business, who will be our vendors, and\r\nwhat's in our supply chains,” he said. “All of that will have to be re-looked at, and if we decide that we cannot\r\ntrust them then we may choose not to use them.”\r\nhttps://therecord.media/singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks\r\nPage 1 of 2\n\nJames Reddick\r\nhas worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy\r\nManaging Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap\r\nJudgment.\r\nSource: https://therecord.media/singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks\r\nhttps://therecord.media/singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks"
	],
	"report_names": [
		"singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks"
	],
	"threat_actors": [
		{
			"id": "846522d7-29cb-4a0c-8ebe-ffba7429e2d7",
			"created_at": "2023-06-23T02:04:34.793629Z",
			"updated_at": "2026-04-10T02:00:04.971054Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"Bronze Silhouette",
				"Dev-0391",
				"Insidious Taurus",
				"Redfly",
				"Storm-0391",
				"UAT-5918",
				"UAT-7237",
				"UNC3236",
				"VOLTZITE",
				"Vanguard Panda"
			],
			"source_name": "ETDA:Volt Typhoon",
			"tools": [
				"FRP",
				"Fast Reverse Proxy",
				"Impacket",
				"LOLBAS",
				"LOLBins",
				"Living off the Land"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "9df8987a-27fc-45c5-83b0-20dceb8288af",
			"created_at": "2025-10-29T02:00:51.836932Z",
			"updated_at": "2026-04-10T02:00:05.253487Z",
			"deleted_at": null,
			"main_name": "UNC3886",
			"aliases": [
				"UNC3886"
			],
			"source_name": "MITRE:UNC3886",
			"tools": [
				"MOPSLED",
				"VIRTUALPIE",
				"CASTLETAP",
				"THINCRUST",
				"VIRTUALPITA",
				"RIFLESPINE"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "a08d93aa-41e4-4eca-a0fd-002d051a2c2d",
			"created_at": "2024-08-28T02:02:09.711951Z",
			"updated_at": "2026-04-10T02:00:04.957678Z",
			"deleted_at": null,
			"main_name": "UNC3886",
			"aliases": [
				"Fire Ant"
			],
			"source_name": "ETDA:UNC3886",
			"tools": [
				"BOLDMOVE",
				"CASTLETAP",
				"LOOKOVER",
				"MOPSLED",
				"RIFLESPINE",
				"TABLEFLIP",
				"THINCRUST",
				"Tiny SHell",
				"VIRTUALGATE",
				"VIRTUALPIE",
				"VIRTUALPITA",
				"VIRTUALSHINE",
				"tsh"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "1c91699d-77d3-4ad7-9857-9f9196ac1e37",
			"created_at": "2023-11-04T02:00:07.663664Z",
			"updated_at": "2026-04-10T02:00:03.385989Z",
			"deleted_at": null,
			"main_name": "UNC3886",
			"aliases": [],
			"source_name": "MISPGALAXY:UNC3886",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a88747e2-ffed-45d8-b847-8464361b2254",
			"created_at": "2023-11-01T02:01:06.605663Z",
			"updated_at": "2026-04-10T02:00:05.289908Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"Volt Typhoon",
				"BRONZE SILHOUETTE",
				"Vanguard Panda",
				"DEV-0391",
				"UNC3236",
				"Voltzite",
				"Insidious Taurus"
			],
			"source_name": "MITRE:Volt Typhoon",
			"tools": [
				"netsh",
				"PsExec",
				"ipconfig",
				"Wevtutil",
				"VersaMem",
				"Tasklist",
				"Mimikatz",
				"Impacket",
				"Systeminfo",
				"netstat",
				"Nltest",
				"certutil",
				"FRP",
				"cmd"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "49b3063e-a96c-4a43-b28b-1c380ae6a64b",
			"created_at": "2025-08-07T02:03:24.661509Z",
			"updated_at": "2026-04-10T02:00:03.644548Z",
			"deleted_at": null,
			"main_name": "BRONZE SILHOUETTE",
			"aliases": [
				"Dev-0391 ",
				"Insidious Taurus ",
				"UNC3236 ",
				"Vanguard Panda ",
				"Volt Typhoon ",
				"Voltzite "
			],
			"source_name": "Secureworks:BRONZE SILHOUETTE",
			"tools": [
				"Living-off-the-land binaries",
				"Web shells"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "4ed2b20c-7523-4852-833b-cebee8029f55",
			"created_at": "2023-05-26T02:02:03.524749Z",
			"updated_at": "2026-04-10T02:00:03.366175Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"BRONZE SILHOUETTE",
				"VANGUARD PANDA",
				"UNC3236",
				"Insidious Taurus",
				"VOLTZITE",
				"Dev-0391",
				"Storm-0391"
			],
			"source_name": "MISPGALAXY:Volt Typhoon",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775446614,
	"ts_updated_at": 1775792084,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/323a57a8dcaaad98b8b9dfc43fc2a9fd5b74908e.pdf",
		"text": "https://archive.orkl.eu/323a57a8dcaaad98b8b9dfc43fc2a9fd5b74908e.txt",
		"img": "https://archive.orkl.eu/323a57a8dcaaad98b8b9dfc43fc2a9fd5b74908e.jpg"
	}
}