Singapore says its four largest phone companies were hit by Chinese hackers

News
By published

UNC3886 thought to be behind latest attacks

China
(Image credit: Shutterstock)
  • UNC3886 targets all four major Singapore telcos in a state-sponsored cyber campaign
  • Attackers used rootkits and zero-day firewall exploits but failed to steal sensitive data
  • Singapore confirmed limited unauthorized access, no disruption or exfiltration, China expected to deny involvement

The Singapore government has said all four of its major telecommunications providers have been targeted by Chinese state-sponsored threat actors known as UNC3886.

The attack was first spotted in mid-July 2025, but at the time was not publicized, not to endanger the ongoing investigation and countermeasures being implemented.

Subsequent investigation uncovered a “deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector” that put all four of the nation's major telcos - M1, SIMBA Telecom, Singtel and StarHub – in the crosshairs.

Unsuccessful attack

Singapore's government described the attackers as “sophisticated and persistent”, getting past defenses using advanced tools such as rootkits, and exploiting zero-day vulnerabilities in firewalls.

Luckily enough, the attacks did not cause any meaningful damage, it was said. While the crooks managed to break in on some occasions, they were not able to extract any sensitive information.

“So far, the attack by UNC3886 has not resulted in the same extent of damage as cyberattacks elsewhere,” the statement says. “The threat actor was able to gain unauthorized access into some parts of telco networks and systems. In one instance, they were able to gain limited access to critical systems but did not get far enough to have been able to disrupt services.”

Sensitive and personal data were not accessed or exfiltrated, and there’s no evidence that services and availability were disrupted, either.

We have not seen an official statement from China regarding this news, but it’s safe to assume it will vehemently deny all accusations. Still, the security community has seen numerous incursions into telco companies around the world, all attributed to Chinese state-sponsored actors. For example, in December 2024, it was reported that China’s Salt Typhoon hit at least eight US telcos.

Salt Typhoon and UNC3886 do not appear to be the same group.

Via TechCrunch

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.