Singapore says China-backed hackers targeted its four largest phone companies

Singapore’s government has identified a known Chinese cyber-espionage group, UNC3886, as responsible for targeting four of the country’s major telecommunications companies in a months-long campaign. This marks the first official confirmation that hackers specifically went after Singapore’s telecom infrastructure, impacting its largest providers: Singtel, StarHub, M1, and Simba Telecom. The government had previously acknowledged responding to an attack on critical infrastructure without naming the perpetrators.

According to K. Shanmugam, the country’s coordinating minister for national security, the intruders successfully breached and accessed some systems but did not disrupt services or access personal customer information. Google’s cybersecurity unit Mandiant has previously linked UNC3886 to activity likely conducted on behalf of China. The Chinese government routinely denies involvement in such cyber-espionage operations, which are often seen as preparatory steps for potential disruptive attacks.

The hacking group is known for exploiting zero-day vulnerabilities in routers, firewalls, and virtualized environments, areas where traditional security tools often cannot detect malware. UNC3886 has a history of targeting the defense, technology, and telecommunications sectors across the United States and the Asia-Pacific region.

In the Singapore attacks, the hackers used advanced tools like rootkits to establish long-term persistence within the systems. A government statement noted that in one instance, they gained limited access to critical systems but did not advance far enough to cause any service disruption.

The targeted telecommunications companies issued a joint statement, acknowledging they regularly face distributed denial-of-service and other malware attacks. They stated that they employ layered defense mechanisms to protect their networks and conduct prompt remediation when issues are detected.

These incidents in Singapore follow a pattern of similar, though distinct, attacks on hundreds of telecom companies worldwide in recent years, including in the United States. Multiple governments have attributed those broader attacks to a different China-backed group known as Salt Typhoon. Singapore authorities emphasized that the damage from the UNC3886 attack was not as extensive as the damage caused by Salt Typhoon hacks elsewhere.