SINGAPORE’S cybersecurity agency CSA, with its development agency IMDA, confirmed that China-linked UNC3886 targeted all four of the nation’s major telecom operators—M1, SIMBA Telecom, Singtel and StarHub—but did not disrupt services or access customer information. The attack, first disclosed in July of the previous year, involved the deployment of rootkits to evade detection and maintain persistence, as well as a zero-day exploit in a firewall to access a telco network and obtain a small amount of technical data.
CSA notes that UNC3886 gained limited access to parts of the victim networks and systems, yet there is no evidence to date that sensitive or personal data were accessed or exfiltrated, nor that telecommunications services were disrupted. The agency says it has collaborated with the targeted organisations to investigate the intrusions, close the actor’s access, remediate, and expand monitoring across affected networks.
It adds that telcos remain strategic targets for threat actors, including state-sponsored ones, and that Singapore will introduce initiatives to strengthen cyber capabilities and speed response to similar attacks.