Catenaa, Thursday, February 12, 2026-Singapore’s four biggest telecommunications companies suffered targeted cyberattacks last year by a China-linked hacking group, authorities confirmed, though critical services and customer data were unaffected.
The Cyber Security Agency of Singapore (CSA) said the threat actor, tracked as UNC3886, breached Singtel, StarHub, M1, and Simba at least once in 2025.
Investigations found the group gained limited access to internal systems using zero-day exploits and rootkits but did not penetrate deeply enough to disrupt operations. Singapore launched ‘Operation Cyber Guardian’ in response to contain the intrusions and prevent lateral movement into other critical sectors, including banking, transport, and healthcare.
CSA and the Infocomm Media Development Authority worked with over 100 investigators across six government agencies to close compromised access points, expand monitoring, and strengthen defenses. Minister for Digital Development and Information Josephine Teo said the breaches highlighted the ongoing importance of cyber defense.
UNC3886, observed by Mandiant researchers since 2023, has previously targeted government, telecommunications, and technology firms worldwide, exploiting vulnerabilities in FortiGate firewalls, VMware ESXi, and VMware vCenter Server. Earlier attacks attributed to China-aligned actors, including Salt Typhoon, compromised broadband providers in the U.S. and Canada, gaining access to legal interception systems and IT infrastructure.
Singapore’s authorities did not disclose which specific zero-day exploits were used. Officials said there is no evidence that sensitive customer information was accessed or stolen, and no telecom services were disrupted during the attacks.
The breach underscores rising cyber risks from state-linked actors in the telecommunications sector, emphasizing the need for coordinated national and industry-level cybersecurity measures.
