SINGAPORE: About 2,700 infected devices in Singapore were identified after the Cyber Security Agency of Singapore (CSA) took part in a cyber operation against a global botnet.

Minister for Digital Development and Information Josephine Teo said in parliament on Friday (Mar 7) that the "malicious actors" exploited "poor cyber hygiene practices" to infect devices, including baby monitors and internet routers.

No Critical Information Infrastructure (CII) was affected, and there was no evidence to suggest the infected devices were used to target Singapore.

The Singapore government supported the international operation, which took place in 2024, which aimed to disinfect servers and devices compromised to form a global botnet.

A botnet refers to a network of computers infected with malicious software and used to carry out cyberattacks.

Devices could be compromised by, for example, poor cyber hygiene through the use of weak passwords. They could then serve as bots to launch the likes of distributed denial of service or DDoS attacks, as well as spam campaigns.

"Members may ask, so what if the botnet had remained? Well, it would have meant the devices were vulnerable, and personal data belonging to device owners could have been stolen," said Mrs Teo.

"More worryingly, the devices could be used as a standby army, much like our NSFs (full-time national servicemen), ready to be deployed into active duty. 

"Except in this case, it would be foreign state-linked actors using the bots for malicious purposes, which can include targets directed within Singapore."

Mrs Teo was speaking in parliament on the Ministry of Digital Development and Information's (MDDI) spending plans for the year.

The cyber operation involved the disabling of malware from the infected devices.

As part of remediation efforts, CSA has reached out to relevant parties to inform owners of these devices that their devices had been infected, and for them to take the necessary measures.

CSA then monitored the previously infected devices for a period of time to ensure that the malware had been fully disabled.