According to the Cyber Security Agency of Singapore (CSA), a cyber espionage campaign tied to the China-linked APT UNC3886 has targeted Singapore’s telecom sector, with attacks on all four major telcos (M1, SIMBA Telecom, Singtel and StarHub) since July 2025. The operation to protect critical infrastructure, named CYBER GUARDIAN, was conducted with involvement from CSA and the Infocomm Media Development Authority (IMDA).
UNC3886 is described as a sophisticated group that uses zero-days to bypass firewalls and access networks, exfiltrating mainly network-related data; it deployed rootkits to maintain persistent access while evading detection. In 2023 the group targeted government organisations, using the Fortinet zero-day CVE-2022-41328 to deploy backdoors, and it favours stealth tactics such as manipulating logs and forensic artefacts.
Singapore’s telcos detected the breach and notified the IMDA and CSA. More than 100 cyber experts contributed to the response, which lasted over 11 months. The authorities emphasised that the attackers gained only partial access and did not disrupt services. The authorities also undertook joint threat hunting, penetration testing and capability upgrades to bolster defences.