Parliament
Singapore identifies 2,700 infected devices in global botnet cyber operation, says Josephine Teo
About 2,700 infected devices in Singapore were identified following a global cyber operation supported by the Singapore government. Minister for Digital Development and Information Josephine Teo stated that poor cyber hygiene practices were exploited, though no critical infrastructure was affected. The Cyber Security Agency has taken remediation measures.
SINGAPORE: About 2,700 infected devices in Singapore were identified after the Cyber Security Agency of Singapore (CSA) participated in a global cyber operation against a botnet, Minister for Digital Development and Information Josephine Teo revealed in parliament on 7 March 2025.
Speaking during discussions on the Ministry of Digital Development and Information’s (MDDI) spending plans, Teo stated that “malicious actors” exploited “poor cyber hygiene practices” to infect devices, including baby monitors and internet routers.
She clarified that no Critical Information Infrastructure (CII) was affected, and there was no evidence to suggest the infected devices were used to target Singapore.
A botnet is a network of computers infected with malicious software, often used to launch cyberattacks such as distributed denial-of-service (DDoS) attacks and spam campaigns.
Weak passwords and poor cyber hygiene can result in devices becoming compromised and subsequently controlled by attackers.
The Singapore government supported the international operation, which took place in 2024 and aimed to disinfect compromised servers and devices that had been recruited into the botnet.
The cyber operation involved disabling malware on the infected devices to prevent further exploitation.
Teo highlighted the potential risks if the botnet had remained active. “It would have meant the devices were vulnerable, and personal data belonging to device owners could have been stolen,” she said.
“More worryingly, the devices could be used as a standby army, much like our NSFs (full-time national servicemen), ready to be deployed into active duty. Except in this case, it would be foreign state-linked actors using the bots for malicious purposes, which can include targets directed within Singapore.”
As part of remediation efforts, CSA has contacted relevant parties to inform device owners about the infections and the necessary measures to secure their devices.
The agency then monitored previously infected devices for a period to ensure the malware had been fully removed.
