- UNC3886 targets Singapore’s four major telecommunications companies in a state-sponsored cyber campaign.
- The attackers used rootkits and zero-day firewall exploits, but failed to steal sensitive data.
- Singapore confirmed limited unauthorized access, no disruption or exfiltration, China expected to deny involvement
The Singapore government said its four main telecommunications providers have been targeted by Chinese state-sponsored threat actors, known as UNC3886.
The attack was first spotted in mid-July 2025, but was not made public at the time, so as not to endanger the ongoing investigation and implemented countermeasures.
A subsequent investigation revealed a “deliberate, targeted and well-planned campaign against Singapore’s telecommunications sector” that put the country’s four major telecommunications companies – M1, SIMBA Telecom, Singtel and StarHub – in the crosshairs.
Unsuccessful attack
The Singapore government described the attackers as “sophisticated and persistent”, bypassing defenses using advanced tools such as rootkits and exploiting zero-day vulnerabilities in firewalls.
Fortunately, the attacks caused no significant damage, it was claimed. Even though the scammers managed to break in several times, they were unable to extract any sensitive information.
“So far, the attack on UNC3886 has not resulted in the same scale of damage as cyberattacks elsewhere,” the statement said. “The malicious actor was able to gain unauthorized access to parts of telecommunications networks and systems. In one case, they were able to gain limited access to critical systems, but did not go far enough to be able to disrupt services.”
Sensitive and personal data was not accessed or exfiltrated, nor was there any evidence that services and availability were disrupted.
We have not seen an official statement from China regarding this news, but it can be assumed that they will vehemently deny all accusations. Yet the security community has witnessed numerous incursions into telecommunications companies around the world, all attributed to Chinese state-sponsored actors. For example, in December 2024, it was reported that Typhoon Salt in China hit at least eight US telecom carriers.
Salt Typhoon and UNC3886 do not appear to be the same group.
Via TechCrunch
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
