top of page
Search

Singapore Telcos Hit by China-Linked UNC3886 Cyber Espionage Campaign

  • Feb 10
  • 1 min read

Key Findings


  • China-nexus cyber espionage group UNC3886 targeted Singapore's telecommunications sector in a deliberate, targeted, and well-planned campaign

  • All four of Singapore's major telecom operators - M1, SIMBA Telecom, Singtel, and StarHub - were targeted by UNC3886

  • UNC3886 used sophisticated tools, including a zero-day exploit to bypass a perimeter firewall, and deployed rootkits to establish persistent access and conceal their activities


Background


  • UNC3886 is an advanced persistent threat (APT) group with deep capabilities, assessed to have been active since at least 2022

  • The group targets edge devices and virtualization technologies to gain initial access, prioritizing the defense, technology, and telecommunications sectors in the US and Asia

  • In 2023, UNC3886 targeted multiple government organizations using the Fortinet zero-day CVE-2022-41328 to deploy custom backdoors


Singapore's Response


  • Cyber Security Agency of Singapore (CSA) and Infocomm Media Development Authority (IMDA) launched Operation CYBER GUARDIAN to counter the UNC3886 threat and limit the attackers' movement into telecom networks

  • Over 100 cyber experts from different agencies worked with the telcos to stop the attackers, limit their access, and secure systems

  • Authorities fixed weaknesses, blocked access points, and increased monitoring, containing the attacks and preventing data exfiltration or service disruptions


Ongoing Concerns


  • While the immediate threat has been contained, future attempts to breach telecom systems remain possible as they are key targets handling vast data and supporting the digital economy

  • CSA and IMDA are working with telcos to strengthen defenses, improve detection, and monitor for UNC3886 activities

  • Telcos are conducting joint threat hunting, penetration testing, and capability upgrades, and the government is rolling out initiatives to boost skills across the cyber ecosystem


Sources


  • https://thehackernews.com/2026/02/china-linked-unc3886-targets-singapore.html

  • https://securityaffairs.com/187792/apt/china-linked-apt-unc3886-targets-singapore-telcos.html

  • https://x.com/TheHackersNews/status/2020906247520911394

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page