A Decade of Strengthening Singapore’s Cyber Defence Amid Escalating Threats

The Cyber Security Agency of Singapore (CSA) released the Singapore Cyber Landscape (SCL) 2024/2025 publication today. The publication looks at our local cybersecurity landscape in 2024 against a dynamic backdrop of rapid digitalisation, and charts Singapore’s efforts in building a safer cyberspace in the past decade. This edition of the SCL also marks a milestone for CSA, which celebrates its 10th anniversary in 2025.

2            This special SCL edition includes several Founders’ Stories, where early leaders look back at CSA’s decade-long journey and recount the significant moments in its history. The publication recounts how they – along with the first generations of CSA officers - laid the foundation that enabled CSA to respond effectively to today's sophisticated threats, from countering Advanced Persistent Threat (APT) groups to protecting citizens from evolving scams. It also includes contributions by leading cyber threat intelligence companies as well as partners, whose expertise and resources helped CSA ensure a safer cyberspace.

APT Activity Increased Globally; Groups Also Targeted Southeast Asia and Singapore

3            CSA observed that APT activity across the world increased. Against Southeast Asia, APT activity primarily targeted government and critical infrastructure for espionage purposes. The SCL's contributors highlighted significant APT-linked incidents, such as the compromise of ASEAN government organisations, Non-Governmental Organisations, and a media outlet through a TAG[1]-43 campaign that started in October 2023 and continued through January 2024. The campaign compromised edge devices including firewalls, routers, and other network devices.

4            Singapore has also faced, and continues to face attacks from APT groups. One such group targeting Singapore is UNC3886, which Coordinating Minister for National Security, Mr K Shanmugam, had publicly disclosed at CSA’s 10th Anniversary Dinner on 18 July 2025. UNC3886 is a state-sponsored APT group which has been active since at least late 2021, and demonstrates sophisticated tactics, techniques, and procedures (TTPs), such as living off the land (LoTL) techniques and zero-day exploits. UNC3886 and other APT groups target high-value, strategic targets, including critical infrastructure.

5            To counter these highly sophisticated threat actors, CSA has strengthened its coordinated response framework across three key areas. This comprises enhanced Critical Information Infrastructure (CII) protection through:

i) sustained collaboration with CII owners and expanded ecosystem protection covering vendors and suppliers.

 ii) sharpened nationwide cyber crisis response capabilities through exercises like Exercise Cyber Star[2]. This year’s exercise is the largest in scale and most intensive to date, held over a total of 11 days and involving close to 500 participants from CSA, sector leads, the Singapore Armed Forces’ Digital and Intelligence Service and owners of Critical Information Infrastructure (CII) from 11 sectors[3]. Participants were tested on scenarios based on key threats observed in the global cyber landscape, such as APTs and attacks on critical systems. Participants also had to respond to the spillover effects affecting multiple sectors.

iii) deepened international cooperation to address transnational cybersecurity challenges through regular CERT[4]-to-CERT exchanges with international counterparts, and participation in cross-border operations to disrupt malicious cyber activities.

Ransomware and Infected Infrastructure are Key Threats Locally; with Ongoing Initiatives to Mitigate them

6            In 2024, ransomware and infected infrastructure emerged as key concerns locally. Ransomware cases reported to the authorities rose by more than 20% in 2024 (159 cases) compared to 132 cases in 2023, while infected infrastructure rose by 67% to 117,300 systems in 2024 from 70,200 cases in 2023. CSA's analysis revealed that most of these infections involved old malware strains with readily available remediation measures which were not adopted. This underscored a troubling fact – that even as ransomware and other cyber threats grew, users were still failing to update and patch vulnerable software.

7            To address this, several initiatives were launched to strengthen collective cyber defence and remediate unpatched software. One such initiative was CSA's participation in an international operation against a global botnet in September 2024  which helped remediate 2,700 infected devices in Singapore.  Singapore is a pioneering and leading member of the Counter Ransomware Initiative (CRI) which involves over 70 member countries. The CRI aims to build collective resilience against ransomware attacks and disrupt the ransomware criminal industry. One practical measure the CRI has taken in 2024 is to endorse a Guidance document to help victim organisations make informed decisions when they encounter a ransomware incident. Singapore will be hosting the next CRI Summit on 24 October 2025 to drive further discussions with international partners to deal with the global challenge of ransomware.

Enhancing Cybersecurity for CII, Organisations and Individuals

8            CSA introduced several initiatives in 2024 to enhance cybersecurity for CII, organisations and individuals. For example, CSA moved to amend the Cybersecurity Act in 2024 to adapt to the advent of new technologies, evolving threat landscape and expanded attack surface with the increasing adoption of internet of things (IoT) devices. The amendments included expanding the regulatory ambit of the Act to include three new types of systems and entities – Systems of Temporary Cybersecurity Concern (STCC), Entities of Special Cybersecurity Interest (ESCI), and Foundational Digital Infrastructure (FDI).

9            CSA also launched the OT Cybersecurity Masterplan at the fourth edition of the Singapore Operational Technology Cybersecurity Expert Panel (OTCEP) Forum in 2024. This Masterplan serves as a strategic blueprint to bolster Singapore’s cyber defence, to ensure a secure and resilient OT cyber environment for both CII and non-CII sectors. CSA also developed a series of guidelines containing principle-level guidance as an evergreen approach for system owners to secure Artificial Intelligence (AI) projects. These guidelines were further supplemented by a Companion Guide, positioned as a community-driven resource offering practitioners a comprehensive reference when building their own AI security plans.

10          Mr David Koh, Commissioner of Cybersecurity and Chief Executive of CSA, said: “We have worked closely with domestic and international partners to strengthen Singapore’s cybersecurity; it has been a long but fruitful journey. However, malicious and advanced threat actors continue to pose a danger to our national security, digital economy and way of life. Additionally, AI-powered deepfakes and scams trick companies and individuals of large sums of hard-earned monies. We have to re-double our efforts, together with our many partners, stakeholders, and Singaporeans. And continue to work towards a future where everyone can live and work online in a trusted, resilient, and vibrant cyberspace.”

*** End ***

About the Singapore Cyber Landscape 2024/2025

The “Singapore Cyber Landscape 2024/2025” publication reviews Singapore’s cybersecurity situation in 2024 against the backdrop of global trends and events, and highlights Singapore’s efforts in creating a safe and trustworthy cyberspace.

CSA analyses multiple data sources and developments to shed light on the common cyber threats observed in Singapore’s cyberspace. Through case studies of incidents in Singapore, the publication aims to raise awareness of cyber threats among cyber stakeholders and the general public, and to offer practical and actionable insights to better defend ourselves against ever-evolving cyber threats.

Please refer to https://www.csa.gov.sg/resources/publications/singapore-cyber-landscape-2024-2025 for a copy of the report.

About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.

For media queries, please contact:

Jingxuan Chen

Senior Assistant Director, Communications & Engagement Division 

Email: CHEN_Jingxuan@csa.gov.sg

Alvin Ho 

Assistant Manager, Communications & Engagement Division 

Email: Alvin_HO@csa.gov.sg

[1] Threat Activity Group

[2]   Exercise Cyber Star is a nationwide cyber crisis management exercise aimed at enhancing the capability and readiness of Singapore’s critical sectors to respond effectively to cyberattacks.

[3] The 11 CII sectors comprise Aviation, Banking & Finance, Energy, Government, Healthcare, Infocommunications, Land Transport, Maritime, Media, Security & Emergency, and Water.

[4] Cyber Emergency Response Team