A coordinated cyber espionage campaign by the China-linked Advanced Persistent Threat (APT) group, UNC3886, has targeted Singapore's telcos in a bid to compromise critical infrastructure. The Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) have revealed that all four major telcos - M1, SIMBA Telecom, Singtel, and StarHub - were hit by UNC3886 since July 2025.

 

The sophisticated APT group, known for targeting defense, technology, and telecommunications sectors in the US and Asia, used zero-day exploits to bypass firewalls and access networks. They exploited a vulnerability (CVE-2022-41328) in Fortinet devices to deploy custom backdoors and maintain persistence while evading detection.

 

"The attack by UNC3886 has not resulted in the same extent of damage as cyberattacks elsewhere," said the report published by CSA. "However, we cannot rule out future attempts to breach telco systems."

Telcos Collaborate with Authorities to Contain Attacks

The Singapore government took swift action, launching Operation CYBER GUARDIAN, a massive coordinated response involving over 100 cyber experts from different agencies and the four major telcos. Together, they contained the attacks, limiting UNC3886's access and preventing data theft or disruption of services.

 

"The authorities worked closely with the telcos to limit UNC3886's movement into the networks and ensure our systems remain safe to use," said the report. "This teamwork between the government and telcos shows Singapore's strong national cyber defence."

Weaknesses Fixed, Defences Strengthened

Following the coordinated response, authorities fixed weaknesses in telco systems, blocked access points, and increased monitoring to prevent future breaches. The telcos also upgraded their capabilities through joint threat hunting, penetration testing, and other initiatives.

 

Minister Josephine Teo expressed gratitude for the cyber defenders' efforts during Operation CYBER GUARDIAN and urged continued vigilance: "Your actions, or inaction, can determine whether we succeed or fail in protecting our critical infrastructure, and our national security."

Staying Ahead of UNC3886's Stealthy Tactics

The government remains vigilant, working with telcos to strengthen defences and improve detection. CSA will roll out initiatives to boost skills across the cyber ecosystem for faster, stronger responses.

 

In a statement, Minister Josephine Teo emphasized: "I urge all of you to continue investing in upgrading your systems as well as your capabilities."