In a press release, the Cyber Security Agency of Singapore said on Monday that UNC3886 launched a deliberate campaign against the telecommunications sector and targeted all four major telcos: M1, SIMBA Telecom, Singtel, and StarHub.
KEY FACTS
- Incident: Targeted cyber espionage campaign against Singapore telcos
- Actor: UNC3886
- Targets: M1, SIMBA Telecom, Singtel, StarHub
- Techniques: Zero-day exploit, rootkits, access to virtualization and network appliances
- Response: Operation CYBER GUARDIAN implemented and access points closed
UNC3886 is assessed to have been active since at least 2022 with a focus on edge devices and virtualization technologies to obtain initial access.
In one incident, the actor weaponized a zero-day to bypass a perimeter firewall and siphoned a small amount of technical data. In a separate case, rootkits were deployed to maintain persistence and conceal activity.
Attackers gained unauthorized access to some parts of telco networks and systems, including systems described as critical. The incidents did not disrupt services, and there is no evidence that customer personal data was exfiltrated or that internet availability was cut off.
Authorities carried out a multi-agency operation named CYBER GUARDIAN to limit lateral movement. Remediation measures were implemented, monitoring was expanded, and specific details of the exploited flaw were not disclosed.
WHY IT MATTERS
Targeting multiple national telcos shows the potential risk to critical communications infrastructure. Rapid containment and additional monitoring reduce immediate risk, but incomplete technical disclosure leaves some operational questions open.

