A China-linked threat actor tracked as UNC3886 has breached Singapore’s four largest telecommunications providers — Singtel, StarHub, M1, and Simba — at least once during 2025, according to Singaporean authorities.

The Cyber Security Agency of Singapore (CSA) said the intrusions were deliberate, targeted, and carefully planned. Investigations revealed that the attackers used an undisclosed zero-day vulnerability to bypass telecom perimeter firewalls and gain limited access to critical systems. However, officials said the attackers did not penetrate deep enough to disrupt services.

In one case, investigators found that the group deployed rootkits to maintain long-term, stealthy access inside affected environments. Despite confirmed compromises across all four operators, authorities said there is no evidence that customer data was accessed or stolen, and no outages or service disruptions occurred.

Following the disclosures in July 2025, Singapore launched Operation Cyber Guardian, a coordinated response involving more than 100 investigators from six government agencies. The effort focused on containing the breach, closing access points, and expanding monitoring across other critical sectors, including banking, healthcare, and transportation, to prevent further lateral movement.

The Infocomm Media Development Authority (IMDA) worked alongside the CSA after receiving alerts directly from the affected telcos. Officials said the rapid response played a key role in limiting the scope of the intrusion.

Singapore’s Minister for Digital Development and Information, Josephine Teo, said the limited impact should not lead to complacency, stressing that the incident underscores the importance of constant cyber defense and is not a reason for celebration.


UNC3886 has been monitored by Mandiant since 2023 and is known for exploiting zero-day flaws in products such as FortiGate firewalls and VMware infrastructure. In the Singapore case, authorities have not disclosed which product or vendor was affected by the exploited vulnerability.

