Singapore probes cyberattacks on critical infrastructure linked to UNC3886

Singapore is addressing cyberattacks on its critical information infrastructure attributed to the state-sponsored cyberespionage group UNC3886. On 18 July, Coordinating Minister for National Security K. Shanmugam identified the group as an advanced persistent threat (APT) actor capable of long-term network infiltration to gather intelligence or disrupt essential services. He noted that UNC3886 is currently targeting high-value strategic assets in Singapore but did not name any state sponsor.

Cybersecurity firm Mandiant, which first reported on UNC3886 in 2022, has characterised it as a ‘China-nexus espionage group’ that has previously targeted organisations in the defence, technology, and telecommunications sectors across the United States and Asia.

In response, the Chinese embassy in Singapore denied any connection to UNC3886. In a statement published over the weekend, it described the allegations as ‘groundless smears and accusations’ and reiterated that China opposes all forms of cyberattacks under its laws. The embassy stated that China does not encourage, support, or condone hacking activities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI governance needs urgent international coordination

A GIS Reports analysis emphasises that as AI systems become pervasive, they create significant global challenges, including surveillance risks, algorithmic bias, cyber vulnerabilities, and environmental pressures.

Unlike legacy regulatory regimes, AI technology blurs the lines among privacy, labour, environmental, security, and human rights domains, demanding a uniquely coordinated governance approach.

The report highlights that leading AI research and infrastructure remain concentrated in advanced economies: over half of general‑purpose AI models originated in the US, exacerbating global inequalities.

Meanwhile, facial recognition or deepfake generators threaten civic trust, amplify disinformation, and even provoke geopolitical incidents if weaponised in defence systems.

The analysis calls for urgent public‑private cooperation and a new regulatory paradigm to address these systemic issues.

Recommendations include forming international expert bodies akin to the IPCC, and creating cohesive governance that bridges labour rights, environmental accountability, and ethical AI frameworks.


South Korea joins US-led multinational cyber exercise

South Korea’s Cyber Operations Command is participating in a US-led multinational cyber exercise this week, the Ministry of National Defence in Seoul announced on Monday.

Seven personnel from the command are taking part in the five-day Cyber Flag exercise, which began in Virginia, United States. This marks South Korea’s fourth participation in the exercise since first joining in 2022.

Launched in 2011, Cyber Flag is an annual exercise designed to enhance cooperation between the United States and its allies, particularly the Five Eyes intelligence alliance, which includes Australia, Canada, New Zealand, the United Kingdom, and the United States. The exercise provides a platform for partner nations to strengthen their collective ability to detect, respond to, and mitigate cyber threats through practical, scenario-based training.

According to the Ministry, Cyber Flag, together with bilateral exercises between South Korean and US cyber commands and the exchange of personnel and technologies, is expected to further advance cooperation between the two countries in the cyber domain.

The Cyber Flag exercise involves the Five Eyes intelligence alliance—comprising the United States, United Kingdom, Australia, Canada, and New Zealand—alongside other partner countries. The program focuses on enhancing collective capabilities to counter cyber threats through practical training.


Salt Typhoon targets routers in sweeping campaign

Since early 2025, the Chinese-linked hacking group Salt Typhoon has aggressively targeted telecom infrastructure worldwide, compromising routers, switches and edge devices used by clients of major operators such as Comcast, MTN and LG Uplus.

Exploiting known but unpatched vulnerabilities, attackers gained persistent access to these network devices, potentially enabling further intrusions into core telecom systems.

The pattern suggests a strategic shift: the group broadly sweeps telecom infrastructure to establish ready-made access across critical communication channels.

Affected providers emphasised that only client-owned hardware was breached and confirmed no internal networks were compromised, but the campaign raises deeper concerns.

Experts warn that such indiscriminate telecommunications targeting could threaten data security and disrupt essential services, revealing a long-term cyber‑espionage strategy.


EU helps Vietnam prepare for cyber emergencies

The European Union and Vietnam have conducted specialised cyber‑defence training to enhance the resilience of key infrastructure sectors such as power, transportation, telecoms and finance.

Participants, including government officials, network operators and technology experts, engaged in interactive threat-hunting exercises and incident simulation drills designed to equip teams with practical cyber‑response skills.

This effort builds on existing international partnerships, including collaboration with the US Cybersecurity and Infrastructure Security Agency, to align Vietnam’s security posture with global standards.

Vietnam faces an alarming shortfall of more than 700,000 cyber professionals, with over half of organisations reporting at least one breach in recent years.

The training initiative addresses critical skills gaps and contributes to national digital security resilience.


Salt Typhoon compromises critical US infrastructure

A US state’s Army National Guard network was thoroughly compromised by the Chinese cyberespionage group Salt Typhoon from March to December 2024. According to a confidential federal memo, hackers extracted highly sensitive information, including administrator credentials, network maps, and interstate communication data, raising alarm over data leaked across all 50 states and four US territories.

Security analysts caution that the breach goes beyond intelligence gathering. With access to National Guard systems, integral to state-level threat response and civilian support, the group is poised to exploit vulnerabilities in critical infrastructure, particularly during crises or conflict.

Salt Typhoon, linked to China’s Ministry of State Security, has a track record of penetrating telecommunications, energy grids, transport systems, and water utilities. Often leveraging known vulnerabilities in Cisco and Palo Alto equipment, the group has exfiltrated over 1,400 network configuration files from more than 70 US critical infrastructure providers.

Federal agencies, including DHS and CISA, are sounding the alarm: this deep infiltration presents a serious national security threat and indicates a strategic shift in cyber warfare. Countering Salt Typhoon’s persistent access through local and federal networks is now a top priority in defending the critical systems on which communities rely.


Defence AI Centre at heart of Korean strategy

South Korea has unveiled a strategy to share extensive military data with defence firms to accelerate AI-powered weapon systems, inspired by US military cloud initiatives. Plans include a national public–private fund to finance innovation and bolster the country’s defence tech prowess.

A specialised working group of around 30 experts, including participants from the Defence Acquisition Program Administration, is drafting standards for safety and reliability in AI weapon systems. Their work aims to lay the foundations for the responsible integration of AI into defence hardware.

Officials highlight the need to merge classified military databases into a consolidated defence cloud, moving away from siloed systems. This model follows the tiered cloud framework adopted by the US, enabling more agile collaboration between the military and industry.

South Korea is also fast-tracking development across core defence domains, such as autonomous drones, command-and-control systems, AI-enabled surveillance, and cyber operations. These efforts are underpinned by the recently established Defence AI Centre, positioning the country at the forefront of Asia’s military AI race.


Military AI and the void of accountability

In her blog post ‘Military AI: Operational dangers and the regulatory void,’ Julia Williams warns that AI is reshaping the battlefield, shifting from human-controlled systems to highly autonomous technologies that make life-and-death decisions. From the United States’ Project Maven to Israel’s AI-powered targeting in Gaza and Ukraine’s semi-autonomous drones, military AI is no longer a futuristic concept but a present reality.

While designed to improve precision and reduce risks, these systems carry hidden dangers—opaque ‘black box’ decisions, biases rooted in flawed data, and unpredictable behaviour in high-pressure situations. Operators either distrust AI or over-rely on it, sometimes without understanding how conclusions are reached, creating a new layer of risk in modern warfare.

Bias remains a critical challenge. AI can inherit societal prejudices from the data it is trained on, misinterpret patterns through algorithmic flaws, or encourage automation bias, where humans trust AI outputs even when they shouldn’t.

These flaws can have devastating consequences in military contexts, leading to wrongful targeting or escalation. Despite attempts to ensure ‘meaningful human control’ over autonomous weapons, the concept lacks clarity, allowing states and manufacturers to apply oversight unevenly. Responsibility for mistakes remains murky—should it lie with the operator, the developer, or the machine itself?

That uncertainty feeds into a growing global security crisis. Regulation lags far behind technological progress, with international forums disagreeing on how to govern military AI.

Meanwhile, an AI arms race accelerates between the US and China, driven by private-sector innovation and strategic rivalry. Export controls on semiconductors and key materials only deepen mistrust, while less technologically advanced nations fear both being left behind and becoming targets of AI warfare. The risk extends beyond states, as rogue actors and non-state groups could gain access to advanced systems, making conflicts harder to contain.

As Williams highlights, the growing use of military AI threatens to speed up the tempo of conflict and blur accountability. Without strong governance and global cooperation, it could escalate wars faster than humans can de-escalate them, shifting the battlefield from soldiers to civilian infrastructure and leaving humanity vulnerable to errors we may not survive.


Foreign cybercrime cells thrive in Nigeria

Nigeria’s anti-fraud agency had 194 foreign nationals in custody in 2024, prosecuting 146 for their roles in cyber-enabled financial crimes, highlighting a robust response to a growing threat.

December alone saw nearly 800 arrests in Lagos, targeting romance and cryptocurrency investment scams featuring foreign ringleaders from China and the Philippines. In one case, 148 Chinese and 40 Filipino suspects were detained.

These groups established complex fraud operations in major Nigerian cities, using fake identities and training local recruits, often unaware of the ultimate scheme. Investigations also flagged cryptocurrency-fuelled money laundering and arms trafficking, pointing to wider national security risks.

EFCC chairman Ola Olukoyede warned that regulatory failures, such as visa oversight and unchecked office space leasing, facilitated foreign crime cells.

National and continental collaboration, tighter visa control, and strengthened cybercrime frameworks will be key to dismantling these networks and securing Nigeria’s digital economy.


Italian defence firms hit by suspected Indian state-backed hackers

An advanced persistent threat (APT) group with suspected ties to India has been accused of targeting Italian defence companies in a cyber-espionage campaign.

Security researchers found that the hackers used phishing emails and malicious documents to infiltrate networks, stealing sensitive data.

The attacks, believed to be state-sponsored, align with growing concerns about nation-state cyber operations targeting critical industries.

The campaign, dubbed ‘Operation Tainted Love,’ involved sophisticated malware designed to evade detection while exfiltrating confidential documents.

Analysts suggest the group’s motives may include gathering intelligence on military technology and geopolitical strategies. Italy has not yet issued an official response, but the breach underscores the escalating risks to national security posed by cyber-espionage.

This incident follows a broader trend of state-backed hacking groups increasingly focusing on the defence and aerospace sectors.

Cybersecurity experts urge organisations to strengthen defences, particularly against phishing and supply chain attacks. As geopolitical tensions influence cyberwarfare, such operations highlight the need for international cooperation in combating digital threats.
