Singapore’s decision to name UNC 3886, but not a state, is one of the more interesting cyber-signaling moves we’ve seen in Southeast Asia.
Attribution is always a political act, even when framed as technical.
But what stands out is what they chose not to do: They did not link the activity to a sponsoring country.
That separation between technical attribution and political attribution is deliberate.
From a domestic perspective, it makes sense.
Cyber risk is hard to communicate. When governments repeatedly warn about “sophisticated threats,” the public hears abstraction.
Naming an actor makes the threat tangible.
It demonstrates capability and reinforces the need for institutions like CSA.
But the geopolitical restraint is where the strategy becomes clearer.
In Washington and parts of Europe, attribution has become a tool of competition — part deterrence, part signaling, part coalition-building.
In Southeast Asia, the calculus is different.
Publicly tying an actor to a major power risks forcing alignment in a region that has long prioritized strategic balance.
Singapore’s model reflects that reality:
Call out the intrusion.
Expose the tradecraft.
Strengthen resilience.
But avoid collapsing a security incident into a diplomatic rupture.
That is not a weakness. It is strategic compartmentalization.
For middle powers operating between the U.S. and China, cyber policy is not just about technical defense.
It is about preserving room to maneuver.
Two of my colleagues recently talked and wrote about it:
Fascinating interview with Muhammad Faizal Bin Abdul Rahman: https://lnkd.in/d2MeijhN
Great insights from Louise Marie Hurel: https://lnkd.in/dJTS8Ps8
