Particle.news
Download on the App Store
16 ARTICLES
·
3d ago

Singapore Details UNC3886 Cyber Campaign on All Four Telcos as Intrusions Contained

Authorities report the 11‑month operation closed access points with no evidence of customer data loss or service disruption.

A man looks out of the window under a Singtel signage at their head office in Singapore February 12, 2015. REUTERS/Edgar Su/File Photo
The Singapore flag on top of the parliament building ahead of incoming Prime Minister Lawrence Wong's swearing-in ceremony in Singapore, on Wednesday, May 15, 2024. Wong, Singapore's fourth prime minister since independence, will have to tackle rising cost-of-living concerns, balance US-China tensions and plan for an election after succeeding Lee Hsien Loong. Photographer: Nicky Loh/Bloomberg Photographer: Nicky Loh/Bloomberg
Image
Image

Overview

  • Singtel, StarHub, M1 and SIMBA were all targeted in a deliberate, well‑planned espionage campaign attributed to the APT group UNC3886.
  • Investigators say a zero‑day exploit was used to bypass a perimeter firewall, with a small amount of technical network data exfiltrated.
  • UNC3886 deployed rootkits to maintain stealthy, persistent access, though access to critical systems did not progress far enough to disrupt services.
  • CSA and IMDA said segregated high‑sensitivity assets such as 5G networks were not compromised.
  • Operation Cyber Guardian mobilized more than 100 defenders across six agencies and the telcos, and authorities warn of possible re‑entry attempts as remediation and expanded monitoring continue alongside the telcos’ defence‑in‑depth commitments.