A China-linked threat actor, UNC3886, breached Singapore’s four largest telecommunication service providers – Singtel, StarHub, M1, and Simba – at least once last year. The attackers gained limited access to critical systems but did not disrupt services.
In response, Singapore deployed “Operation Cyber Guardian” to limit the adversary’s activity on the telcos’ networks. Investigations found that UNC3886 launched a deliberate campaign against Singapore’s telecommunications sector, using a zero-day exploit and rootkits to bypass firewalls and remain stealthy.
Although compromise was confirmed across all four major operators, sensitive customer data was not accessed or stolen, and no services were disrupted. The authorities say they contained the compromise and expanded monitoring to other critical infrastructure, blocking potential pivoting to other sectors.
This incident highlights the importance of cyber defense and the need for continued vigilance against emerging threats.
Source: https://www.bleepingcomputer.com/news/security/chinese-cyberspies-breach-singapores-four-largest-telcos