Singapore telco hack shows threats lurking inside networks
Device and cloud security are emerging weak spots.
Cyberattacks on Singapore’s four main telecommunication operators in 2025 underscore how digital threats have shifted beyond traditional perimeter defenses, forcing critical infrastructure providers to secure systems end to end.
The incident showed how mature operators can be vulnerable once attackers penetrate initial defenses.
“As organisations expand into Internet of Things (IoT), 5G, and cloud-enabled services, security has to extend beyond the network perimeter,” Syed Natashrul, Asia‑Pacific head at Wireless Logic Group Ltd., told Singapore Business Review in an emailed reply to questions.
He cited device authentication, certificate-based identity management, and cloud data protection as growing weak points.
In February, Minister for Digital Development and Information Josephine Teo said M1 Ltd., Simba Telecom Pte. Ltd., Singapore Telecommunications Ltd., and StarHub Ltd. were compromised in a coordinated campaign linked to advanced persistent threat (APT) group UNC3886.
Authorities said attackers used a zero‑day exploit to bypass perimeter firewalls and gain access, exfiltrating a limited amount of network-related technical data. Core systems such as the 5G network were not breached, and no sensitive customer data was accessed.
APT-style intrusions were amongst the most prevalent attack types in the city-state, often supported by phishing or credential theft at the point of entry, according to ThreatBook Pte. Ltd.’s 2025 Singapore Threat Intelligence Report.
UNC3886, first publicly identified in mid‑2025, has a history of cyber-espionage targeting telecommunications, defence and critical infrastructure across the US and Asia.
Robert Pizzari, Asia group vice president at Splunk Services Singapore Pte. Ltd., said the attacks illustrate how threat actors increasingly avoid noisy assaults on external defenses.
“Advanced attackers increasingly compromise network components such as routers or authentication systems, where they can quietly observe activity and remain undetected for extended periods,” he said in an emailed reply to questions.
As a result, security priorities are shifting toward continuous monitoring and internal visibility rather than one-off perimeter controls.
Natashrul said organisations need layered protections such as behavioural analytics and anomaly detection to identify suspicious activity that traditional tools may miss.
Executives are also being urged to reconsider how cybersecurity investments are evaluated. Rather than focusing on upfront costs, firms should assess total cost of ownership, factoring in long-term maintainability, resilience, and compliance with global standards.
Pizzari said telecommunication operators need stronger detection through artificial intelligence-driven analytics, closer integration between security, information technology, and operations teams, and faster response via automation.
Wai Kit Cheah, chief information security officer and connected ecosystem leader for Asia-Pacific at Lumen Technologies Singapore Pte. Ltd., said expanding critical infrastructure obligations and deeper public‑private coordination will be key to preserving trust as networks modernise.
“The question is not whether Singapore can prevent every future intrusion, but whether it can consistently reduce attacker dwell time, constrain lateral movement, and preserve public trust under sustained pressure,” he said in an emailed reply to questions.