Floating Button
Home Digitaledge Cybersecurity

Hackers used unpatched routers to access organisations in Singapore, says CSA

Nurdianah Md Nur
Nurdianah Md Nur • 3 min read
Hackers used unpatched routers to access organisations in Singapore, says CSA
Latest threat report by the Cyber Security Agency of Singapore (CSA) shows how neglected network equipment can give attackers a foothold, while AI is shortening the time available to respond. Photo: Pexels
Font Resizer
Share to Whatsapp
Share to Facebook
Share to LinkedIn
Scroll to top
Follow us on Facebook and join our Telegram channel for the latest updates.

The Cyber Security Agency of Singapore (CSA) says hackers exploited unpatched routers at multiple organisations last year before installing malicious tools that could survive subsequent security updates.

The campaign was uncovered on Feb 13, 2025, after the agency received information on related global activity. It was opportunistic rather than aimed at particular organisations, according to the agency’s Singapore Cyber Landscape 2025/2026 report.

Attackers created unauthorised administrator accounts and installed malicious tools directly on the routers. The agency did not identify the affected organisations or say how many devices were compromised.

Response teams scanned network-connected devices at affected organisations for signs that the attackers had moved further into their systems. No additional footholds were found, according to the report.

In some cases, remediation required the routers’ firmware to be re-flashed. Delays in applying patches were linked to incomplete asset visibility, limited staffing and weak cyber-hygiene practices. The affected equipment was managed either by small in-house teams or external vendors.

The finding comes as CSA warns that artificial intelligence (AI) is reducing the time needed to identify vulnerabilities and carry out attacks. Agentic AI systems could automate parts of an intrusion that previously unfolded over days, compressing them into hours.

See also: South Korea fines Coupang record US$409 mil for data leak

Singapore detected 284,300 infected infrastructure systems in 2025, a 142% increase from the previous year. The increase was driven mainly by persistent malicious infrastructure activity and improved detection of infected botnet devices, according to CSA.

The total is separate from the router campaign, but CSA cited consumer internet-connected devices with weak configurations or unpatched firmware as creating more opportunities for botnet operators.

Separately, advanced threat actor UNC3886 attempted to intrude into Singapore’s four major telecommunications operators in 2025.

See also: Roblox wants deluge of child sex abuse cases moved out of court

The government’s Operation Cyber Guardian contained the incident without disrupting telecom services, and investigators found no evidence that customer data had been compromised. The operation was Singapore’s largest coordinated cyber incident response to date, according to CSA.

“In today’s accelerating and increasingly complex threat landscape, major challenges such as AI and quantum loom ahead. We need to lock down, find first, and fix fast. We must tighten up and harden systems before threat actors can find footholds. Discover vulnerabilities before they are exploited. And when gaps are found, close them faster than threat actors can act. This cycle should be continuous, rather than point-in-time checks,” says David Koh, commissioner of Cybersecurity and chief executive of CSA.

He continues: “We are working closely with global partners and industry to ensure that fast-evolving technologies strengthen, rather than undermine, our collective security. Together – industry, government, and citizens – we can build a future where digital innovation thrives in tandem with trust and security.”

×
The Edge Singapore
Download The Edge Singapore App
Google playApple store play
Keep updated
Follow our social media
© 2026 The Edge Publishing Pte Ltd. All rights reserved.