- UNC3886 targets all four major Singapore telcos in a state-sponsored cyber campaign
- Attackers used rootkits and zero-day firewall exploits, but failed to steal sensitive data
- Singapore confirmed limited unauthorized access, no disruption or exfiltration, China expected to deny involvement
Singapore’s government has said that all four of its major telecommunications providers have been targeted by Chinese state-sponsored threat actors known as UNC3886.
The attack was not discovered until mid-July 2025, but was not made public at the time, so as not to jeopardize the ongoing investigation and the countermeasures being implemented.
Subsequent investigations revealed a “deliberate, targeted and well-planned campaign against Singapore’s telecommunications sector” that targeted all four of the country’s largest telcos – M1, SIMBA Telecom, Singtel and StarHub – in the crosshairs.
Failed attack
Singapore’s government described the attackers as “sophisticated and persistent”, getting past defenses using advanced tools such as rootkits and exploiting zero-day vulnerabilities in firewalls.
Fortunately, the attacks did not cause any meaningful damage, it said. While the crooks managed to break in on some occasions, they were unable to extract any sensitive information.
“So far, the attack by UNC3886 has not resulted in the same level of damage as cyber attacks elsewhere,” the statement said. “The threat actor was able to gain unauthorized access to some parts of telecommunications networks and systems. In one case, they were able to gain limited access to critical systems, but did not get far enough to have been able to disrupt services.”
Sensitive and personal data was not accessed or exfiltrated, nor is there any evidence that services and availability were disrupted.
We haven’t seen an official statement from China regarding this news, but it’s safe to assume that it will vehemently deny any accusations. Still, the security community has seen numerous intrusions into telecommunications companies around the world, all attributed to Chinese state-sponsored actors. For example, in December 2024, it was reported that China’s salt typhoon affected at least eight US telecommunications companies.
Salt Typhoon and UNC3886 do not appear to be the same group.
Via TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
