Singapore lifts lid on UNC3886 telecom hack hitting Singtel, StarHub, M1 and Simba

February 10, 2026

Singapore, Feb 11, 2026, 01:28 SGT

  • In 2025, Singapore revealed that hackers tied to UNC3886 breached segments of all four major telcos’ networks.
  • Authorities confirmed that services remained uninterrupted and found no signs of customer data being compromised.
  • Officials said Operation CYBER GUARDIAN, a multi-agency effort, lasted over 11 months.

Singapore revealed that a cyber espionage group called UNC3886 targeted the nation’s four major telecommunications operators, infiltrating parts of their networks. The government classified the breach as a critical infrastructure threat.

The government confirmed unauthorized access to certain systems but stated telecom services remained unaffected. So far, investigators have found no proof that sensitive or personal customer data was accessed or stolen.

This disclosure is crucial since telecom networks underpin everything—payments, transport, cloud services, government communications. Once attackers breach them, they can quietly map the infrastructure, swipe sensitive technical data, and sometimes establish persistent backdoors.

Singapore’s Cyber Security Agency and the Infocomm Media Development Authority launched what they called the nation’s biggest coordinated cyber incident response to date. The effort lasted over eleven months and drew in more than 100 cyber defenders across multiple agencies.

Authorities revealed that UNC3886 launched their campaign using a “zero-day exploit,” leveraging a previously undisclosed software vulnerability to slip past perimeter firewalls and infiltrate telecom networks. They also deployed “rootkits,” a covert type of malware designed to conceal the attacker’s presence and maintain prolonged access.

Officials reported the group stole a limited set of technical data, mostly tied to network operations. In one instance, the attackers accessed a critical system but stopped short of causing service disruptions.

The telcos spotted the activity and alerted regulators, the statement said. The response brought in agencies like CSA, IMDA, the Centre for Strategic Infocomm Technologies, Digital and Intelligence Service, GovTech, and the Internal Security Department. They launched remediation efforts and ramped up monitoring across the board.

The four companies jointly acknowledged that telecom operators frequently encounter attacks like distributed denial-of-service—where systems get overwhelmed by traffic—alongside malware and phishing threats. “We employ defense-in-depth strategies to safeguard our networks and swiftly address any detected problems,” they stated. (Reuters)

Google-owned cybersecurity company Mandiant has identified UNC3886 as a “China-nexus espionage group” targeting defence, technology, and telecommunications firms across the US and Asia. China consistently denies these cyber espionage claims and maintains it opposes cyberattacks.

Singapore’s government had earlier acknowledged responding to UNC3886 attacks on “high-value strategic assets” but kept details under wraps for operational security. Monday marked the first time it openly confirmed telecom infrastructure as the target and revealed the operators involved.

The episode comes amid a wave of telecom hacks worldwide. TechCrunch noted that Singapore linked the UNC3886 case to other major telecom breaches, which several governments attribute to a China-backed group called Salt Typhoon. However, Singapore said the damage from its own breach wasn’t as severe. (TechCrunch)

The situation remains murky. Singapore’s authorities cautioned that the battle isn’t over, warning of possible future break-in attempts. Rootkits, in particular, complicate efforts to confirm whether an intruder has been completely ousted. Plus, stolen technical data could give attackers a clearer blueprint to try again.

Josephine Teo, Singapore’s minister for digital development and information and minister-in-charge of cybersecurity, addressed cyber defenders at a recent event, stressing the critical role of infrastructure owners. “Your actions, or inaction, can determine whether we succeed or fail in protecting our critical infrastructure, and our national security,” she warned. (Cyber Security Agency of Singapore)

CSA and IMDA are teaming up with telcos to boost cyber defences, ramp up detection capabilities, and roll out active monitoring. Their efforts also include joint threat hunting and penetration testing to shore up security.
