Yoav Mazor, Sygnia’s head of incident response for Asia Pacific and Japan — who is himself based in Singapore — told Recorded Future News that the company’s report was not based on the specific entities the minister mentioned, but considered its research on Fire Ant to “definitely correlate” with the campaign Shanmugam complained about. The company also linked UNC3886 to a campaign last year to deploy custom backdoors on compromised Juniper Networks routers, stating it appeared to be “focused mainly on defense, technology, and telecommunication organizations located in the US and Asia.” The group had previously been linked to compromises discovered in Fortinet and VMware systems, carried out to spy on defense, government, tech and telecom organizations. A cyber-espionage campaign linked to a sophisticated hacking group believed to be based in China is continuing to compromise virtualization and networking infrastructure used by enterprises globally, according to a new deep-dive report by cybersecurity company Sygnia. Sygnia is tracking the campaign under the name Fire Ant, which shares similarities with UNC3886, based on what its regional head of incident response described as “unique” engagements. It follows UNC3886’s spying activities being highlighted by Singapore’s national security minister, Kasiviswanathan Shanmugam, who said the group was behind a series of incidents affecting the country’s critical national infrastructure.
This Cyber News was published on therecord.media. Publication date: Thu, 24 Jul 2025 13:40:14 +0000