Singapore says China-linked group UNC3886 targeted its critical infrastructure by hacking routers and security devices.———————————————————————————————————————–Singapore accused China-linked APT group [UNC3886](https://securityaffairs.com/175308/apt/china-linked-apt-unc3886-targets-eol-juniper-routers.html) of targeting its critical infrastructure. UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits. Its primary focus is on defense, technology, and telecommunications sectors in the US and Asia.In 2023, the APT group targeted multiple government organizations using the Fortinet zero-day [CVE-2022-41328](https://securityaffairs.com/143594/apt/china-fortinet-zero-day-attacks.html) to deploy custom backdoors.In March 2025, the group carried out a campaign [**targeting Juniper Networks’ Junos OS routers**](https://securityaffairs.com/175308/apt/china-linked-apt-unc3886-targets-eol-juniper-routers.html), demonstrating a deep knowledge of system internals. UNC3886 prioritizes stealth by using passive backdoors and tampering with logs and forensic artifacts to ensure long-term persistence while evading detection.Singapore’s Coordinating National Security Minister K. Shanmugam confirmed that the China-nexus group has targeted routers and security devices to infiltrate critical infrastructure in the country.[](https://www.straitstimes.com/singapore/critical-infrastructure-in-spore-attacked-by-cyber-espionage-group-shanmugam?ref=inline-article)*’UNC3886 poses a serious threat to us and has the potential to undermine our national security.’ [On July 18, Coordinating Minister for National Security K. Shanmugam said](https://www.straitstimes.com/singapore/who-is-unc3886-the-group-that-attacked-spores-critical-information-infrastructure). ‘Even as we speak, UNC3886 is attacking our critical infrastructure right now.’**’The intent of this threat actor in attacking Singapore is quite clear. They are going after high-value, strategic targets — vital infrastructure that delivers our essential services.’ he added.**’If it succeeds, it can conduct espionage, and it can cause major disruption to Singapore and Singaporeans.’*According to Shanmugan, the UNC3886’s activity is still ongoing and could potentially undermine the national security. He also added that the government will disclose more details later.*’Attacks on our systems and infrastructure will then impact on how we do business, who will be our vendors, and what’s in our supply chains,’ [he concluded](https://therecord.media/singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks). ‘All of that will have to be re-looked at, and if we decide that we cannot trust them then we may choose not to use them.’*China-linked APT groups often target Asian countries, such as Singapore, [Japan, South Korea, Hong Kong](https://securityaffairs.com/179406/malware/lapdogs-china-nexus-hackers-hijack-1000-soho-devices-for-espionage.html), and [Taiwan](https://securityaffairs.com/175728/hacking/uat-5918-atp-group-targets-critical-taiwan.html).China-linked APT group [Volt Typhoon](https://securityaffairs.com/170872/apt/volt-typhoon-botnet-has-re-emerged.html) is believed to have hacked Singapore’s mobile carrier Singapore Telecommunications in 2024.Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, Singapore)
Related Tags:
DEV-0391
UNC3236
Voltzite
Vanguard Panda
NAICS: 921 – Executive
Legislative
Other General Government Support
NAICS: 927 – Space Research And Technology
NAICS: 517 – Telecommunications
NAICS: 221 – Utilities
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
Associated Indicators: