Hackers breach all four major Singapore telcos: Teo
Technical network data was stolen during a targeted strike although officials say no customer personal records were accessed.
Singapore's four major telecommunications companies were all revealed to have been targeted by the Advanced Persistent Threat (APT) actor UNC3886 in a campaign against the city-state’s critical infrastructure.
“Our investigations have indicated that UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector. All four of Singapore’s major telecommunications operators – M1, SIMBA Telecom, Singtel and StarHub – have been the target of attacks,” said Minister for Digital Development and Information Josephine Teo.
The attack was first announced in July 2025.
Teo said that UNC3886 deployed advanced tools in their campaign to gain access to the telco systems. For instance, they used a zero-day exploit to bypass the perimeter firewall of the telcos and gained access to the networks. They also exfiltrated a small amount of technical data believed to be primarily network-related.
After the telco detected and notified authorities of the breach, the Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) worked with relevant agencies to contain the attack.
“The operation, codenamed Operation CYBER GUARDIAN, is Singapore’s largest coordinated cyber incident response effort undertaken to date, spanning more than eleven months,” Teo said.
“So far, the attack by UNC3886 has not resulted in the same extent of damage as cyberattacks elsewhere,” the official noted.
However, UNC3886 was able to gain access to some parts of the telco networks and systems. For instance, they were able to gain access to the periphery of critical systems, but not so much that they could disrupt services.
The government said that there is currently no evidence that sensitive or personal data, such as customer records, were accessed or exfiltrated. There are also no indications that the attackers managed to disrupt telecommunications services, such as internet availability.
“Cyber defenders have since implemented remediation measures, closed off UNC3886’s access points and expanded monitoring capabilities in the targeted telcos,” Teo said.
The official also said that the government is working with telcos to strengthen Singapore’s cyberdefences, enhance detection capabilities, and deploy active monitoring systems. Companies are also rolling out initiatives, such as joint threat hunting, penetration testing, and levelling up of capabilities.