top of page
Search

Singapore Telcos Hit by China-Linked UNC3886 Cyber Espionage Campaign

  • Feb 10
  • 1 min read

Key Findings


  • China-nexus cyber espionage group UNC3886 targeted Singapore's telecommunications sector in a deliberate, targeted, and well-planned campaign

  • All four of Singapore's major telecom operators - M1, SIMBA Telecom, Singtel, and StarHub - were targeted by UNC3886

  • UNC3886 used sophisticated tools, including a zero-day exploit to bypass a perimeter firewall, and deployed rootkits to establish persistent access and conceal their activities


Background


  • UNC3886 is an advanced persistent threat (APT) group with deep capabilities, assessed to have been active since at least 2022

  • The group targets edge devices and virtualization technologies to gain initial access, prioritizing the defense, technology, and telecommunications sectors in the US and Asia

  • In 2023, UNC3886 targeted multiple government organizations using the Fortinet zero-day CVE-2022-41328 to deploy custom backdoors


Singapore's Response


  • Cyber Security Agency of Singapore (CSA) and Infocomm Media Development Authority (IMDA) launched Operation CYBER GUARDIAN to counter the UNC3886 threat and limit the attackers' movement into telecom networks

  • Over 100 cyber experts from different agencies worked with the telcos to stop the attackers, limit their access, and secure systems

  • Authorities fixed weaknesses, blocked access points, and increased monitoring, containing the attacks and preventing data exfiltration or service disruptions


Ongoing Concerns


  • While the immediate threat has been contained, future attempts to breach telecom systems remain possible as they are key targets handling vast data and supporting the digital economy

  • CSA and IMDA are working with telcos to strengthen defenses, improve detection, and monitor for UNC3886 activities

  • Telcos are conducting joint threat hunting, penetration testing, and capability upgrades, and the government is rolling out initiatives to boost skills across the cyber ecosystem


Sources


  • https://thehackernews.com/2026/02/china-linked-unc3886-targets-singapore.html

  • https://securityaffairs.com/187792/apt/china-linked-apt-unc3886-targets-singapore-telcos.html

  • https://x.com/TheHackersNews/status/2020906247520911394

Recent Posts

See All

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page