SINGAPORE: The recent disclosure that a cyber threat group, identified as UNC3886, was attacking critical infrastructure in Singapore took many by surprise.

The announcement was made by Coordinating Minister for National Security and Minister for Home Affairs K Shanmugam during a speech at the 10th anniversary of the country’s Cyber Security Agency (CSA) last Friday (Jul 18). He warned that Singapore was actively dealing with a "highly sophisticated threat actor" capable of conducting espionage and “major disruption to Singapore and Singaporeans”.

UNC3886 has been described by Google-owned cybersecurity company Mandiant as a group with a China nexus. Understandably, the Chinese embassy in Singapore was dissatisfied that UNC3886 was described as being linked to China.

One question that may intrigue readers more was why the minister did not link UNC3886 to a particular country. Was this a perfunctory attempt to publicly attribute a cyber threat, or was it a policy decision by Singapore based on careful strategic calculations?

In his announcement, it was apparent that Mr Shanmugam deliberately focused on only naming the threat group, rather than directly pointing to any country. When he was asked the following day about UNC3886's alleged links to China, he said this was "speculative".

"What Mandiant does is what Mandiant does ... Who they (UNC3886) are linked to and how they operate is not something I want to go into," he said.