**Singapore's Telcos Team Up to Counter Major Cyberattack**

Singapore's four major mobile operators - Singtel, M1, Simba Telecom, and StarHub - were the targets of a massive and coordinated cyberattack last year. However, thanks to the swift response of the island state's security agencies, the attack was thwarted in what is being hailed as the country's largest ever coordinated cyber defence operation.

The Cyber Security Agency (CSA) and the Infocomm Media Development Authority (IMDA) revealed that a hacking group known as UNC3886 had launched a sophisticated cyberattack on critical Singaporean infrastructure in July 2025. The group, an advanced persistent threat (APT) actor, used a zero-day exploit to bypass firewalls and root-kit tools to maintain access without being detected.

However, despite the hackers' efforts, they were unable to gain significant traction. The telcos had detected the attempts and although UNC3886 was able to access "a few critical systems", no sensitive data was compromised or exfiltrated. According to Josephine Teo, Singapore's minister for digital development and information, the attackers did not get far enough to disrupt services.

Teo, who is also the minister in charge of the Smart Nation Initiative and the CSA, unveiled details of the operation during a speech at the Operation Cyber Guardian Engagement Event for Cyber Defenders. She warned that the hacking group may have been based in China and could still pose a threat to Singapore's critical infrastructure.

Teo stated that the country's security agencies had detected 102 cyber attacks in August 2025 alone, with UNC3886 suspected of being behind most of them. The minister urged vigilance and warned that more sophisticated tools may be deployed by the hackers to disrupt services in Singapore.

"The knock-on effects of their campaign could also have included other essential services, like banking and finance, transport and medical services," Teo said. "The fact that they could perhaps find a way to create so much damage without detection makes it a really worrying concern."

The Operation Cyber Guardian was a joint effort between the CSA, IMDA and other relevant agencies working with the telcos to implement remediation measures and close off UNC3886's access points. The operation involved over 100 defenders from six government agencies.

Teo also acknowledged that while the attack had been thwarted, there were still concerns about the potential impact on Singapore's critical infrastructure. "We are working closely with our telcos to ensure they have the necessary tools and capabilities to prevent such attacks," she said.

The incident highlights the need for increased vigilance and cooperation between governments and private sector players in the face of growing cyber threats. Singapore's experience serves as a stark reminder that no country is immune to cyberattacks, and that it takes a coordinated effort to protect against them.