- UNC3886 targets Singapore’s four major telcos in state-sponsored cyber campaign
- The attackers used rootkits and zero-day firewall exploits, but failed to steal sensitive data.
- Singapore confirmed limited unauthorized access, without disruption or exfiltration, and China is expected to deny involvement.
The Singapore government has said that its four major telecommunications providers have been attacked by Chinese state-sponsored threat actors known as UNC3886.
The attack was first detected in mid-July 2025, but was not made public at that time, so as not to jeopardize the ongoing investigation and countermeasures that were being implemented.
A subsequent investigation uncovered a “deliberate, targeted and well-planned campaign against Singapore’s telecoms sector” that put the country’s four major telcos (M1, SIMBA Telecom, Singtel and StarHub) in the crosshairs.
failed attack
The Singapore government described the attackers as “sophisticated and persistent,” who overcame defenses using advanced tools such as rootkits and exploited zero-day vulnerabilities in firewalls.
Fortunately, the attacks did not cause significant damage, it was said. Although the criminals managed to enter on some occasions, they were not able to extract any confidential information.
“So far, the UNC3886 attack has not caused the same damage as cyberattacks elsewhere,” the statement said. “The threat actor was able to gain unauthorized access to some parts of telecommunications networks and systems. In one case, they were able to gain limited access to critical systems, but did not go far enough to be able to disrupt services.”
No confidential and personal information was accessed or exfiltrated, and there is no evidence that services and availability were disrupted.
We have not seen an official statement from China on this news, but it is safe to assume that it will vehemently deny all allegations. Still, the security community has witnessed numerous raids on telecommunications companies around the world, all attributed to Chinese state-sponsored actors. For example, in December 2024, the China Salt Typhoon was reported to have affected at least eight US telecommunications companies.
Salt Typhoon and UNC3886 do not appear to be the same group.
Through TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
