**Singapore Telcos Breached in China-Linked Cyber Espionage Campaign**

A coordinated cyber espionage campaign has left Singapore's four major telecommunications companies reeling, with the country's Cyber Security Agency (CSA) revealing that advanced persistent threat group UNC3886 breached their networks last year.

The response, Operation Cyber Guardian, saw the authorities work closely with the telcos to limit the movement of UNC3886 into their networks and ensure their systems remained safe to use. According to the CSA, "so far, the attack by UNC3886 has not resulted in the same extent of damage as cyberattacks elsewhere."

UNC3886, a group linked to China, used advanced hacking tools, including at least one previously unknown software flaw (zero-day), to bypass firewalls and slip inside telecom systems. In some cases, the intruders exfiltrated small amounts of technical data related to how networks were set up, and used rootkits to maintain hidden access.

These discoveries align with previously mapped tactics, techniques, and procedures (TTPs) associated with UNC3886. Hundreds of defenders across several government agencies spent over 11 months trying to kick out the intruders and secure the systems.

The operation brought together cyber experts from CSA, IMDA, the Centre for Strategic Infocomm Technologies, the Digital and Intelligence Service, GovTech, and the Internal Security Department. Despite the breach, there's no indication that customer records or other personal data were taken, and most of the access gained was limited.

The experience has pushed the public and private sectors in Singapore to tighten their cyber teamwork. Government officials say the coordinated approach taken in Operation Cyber Guardian reflects a broader national doctrine: when critical infrastructure is threatened, organizations share information and defensive work to stop attackers.

UNC3886 is believed to be a China-nexus cyber espionage group, although Singapore's authorities haven't publicly named any country behind the group. Some external security firms link UNC3886 to state actors. Independent cybersecurity researchers say the group has been active globally for years, hitting organizations in sectors such as defense, technology, and telecommunications.

The targeting of telcos resembles previous attack campaigns attributed to the China-backed Salt Typhoon APT, namely the hacks of US and Canadian telcos. In related news, the Norwegian Police Security Service recently revealed that Salt Typhoon has compromised vulnerable network devices in Norwegian organizations.
