New systems target advanced persistent threats following UNC3886 cyberattacks

Singapore will develop and deploy its own threat detection tools to help critical information infrastructure (CII) owners combat advanced persistent threats, following recent cyberespionage attacks on local telcos.

Homegrown Tools to Counter Advanced Threats
The Cyber Security Agency of Singapore (CSA) said proprietary threat detection tools will be developed by the Centre for Strategic Infocomm Technologies under the Ministry of Defence.

Senior Minister of State Tan Kiat How said the systems are already deployed in selected CII systems and will be progressively rolled out to strengthen defenses against state-sponsored advanced persistent threats (APTs).

UNC3886 Attacks Prompt Stronger Measures
The move follows attacks by cyberespionage group UNC3886, which targeted four major Singapore telcos in 2025. While no sensitive personal data was stolen, attackers accessed internal servers and extracted network-related data.

Tan said the government will consider funding support for CII owners and selectively share classified threat intelligence to help them detect and respond more effectively.

Expanding Cybersecurity Standards
Authorities are reviewing whether non-CII systems should meet cybersecurity standards currently required for CII owners, as threat actors increasingly target weaker systems as entry points.

IMDA will tighten cybersecurity regulations for telcos, particularly in infrastructure virtualization and credential management, although details have not been disclosed.

Cyber Trust Mark to Become Mandatory
Singapore’s Cyber Trust mark certification scheme will soon become mandatory for CII owners, cybersecurity auditors and licensed security service providers.

CII owners must obtain the highest-tier Level 5 certification for supporting non-CII systems by end-2027, while auditors and service providers must be certified by end-2026.

Stricter Rules for Home Devices
Residential routers will need to meet enhanced Level 2 security standards by 2027, including stronger encryption and authentication measures. Authorities are also considering raising standards for IP cameras.

CSA and IMDA warned that routers and IP cameras are common cyberattack targets, often exploited to spy on users or launch further attacks.

Singapore is tightening its cybersecurity posture across both critical infrastructure and consumer devices, aiming to level the playing field against increasingly sophisticated cyber threats. The new measures reflect a broader push to safeguard national systems and public networks.

Sources: Straits Times (2026) , CNA (2026)

Keywords: Singapore APT Defense, CII Cybersecurity Measures, UNC3886 Telco Attack, Cyber Trust Certification, Residential Router Security