{"id":4467,"date":"2026-02-11T07:40:19","date_gmt":"2026-02-11T07:40:19","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/02\/11\/singapore-takes-down-chinese-hackers-targeting-telco-networks\/"},"modified":"2026-02-11T07:40:19","modified_gmt":"2026-02-11T07:40:19","slug":"singapore-takes-down-chinese-hackers-targeting-telco-networks","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/02\/11\/singapore-takes-down-chinese-hackers-targeting-telco-networks\/","title":{"rendered":"Singapore Takes Down Chinese Hackers Targeting Telco Networks"},"content":{"rendered":"
\n

The Singapore government disrupted cyber-attacks attributed to Chinese-nexus cyber threat group UNC3886 which targeted the country\u2019s four telecommunications operators.<\/p>\n

The law enforcement operation, dubbed Operation Cyber Guardian, spanned from the summer of 2025 to early 2026 but remained secret until now.<\/p>\n

The Cyber Security Agency of Singapore (CSA) revealed what happened in a report published on February 9, 2026.<\/p>\n

Singapore\u2019s Largest Anti-Cyber Threat Initiative<\/strong><\/h2>\n

On July 18, 2025, K Shanmugam, Singapore\u2019s Coordinating Minister for National Security, warned that UNC3886, an advanced persistent threat (APT) group associated to the Chinese regime, had been conducting cyber-attacks against the country\u2019s critical infrastructure.<\/p>\n

Details of the attacks remained secret at the time to preserve Singapore\u2019s national security.<\/p>\n

In its latest report, CSA shared that the four telcos detected intrusions and notified CSA and the Infocomm Media Development Authority (IMDA) of the breach. The two government agencies then quickly brought together a taskforce of over 100 cyber defenders across six agencies to help the telcos mitigate the threat.<\/p>\n

Aside from the CSA and IMDA, entities involved in Operation Cyber Guardian included the Centre for Strategic Infocomm Technologies (CSIT), the Digital and Intelligence Service (DIS), the Government Technology Agency of Singapore (GovTech) and the Internal Security Department (ISD).<\/p>\n

CSA explained that Operation Cyber Guardian spanned 11 months and was the largest and longest-running anti-cyber threat effort in the country\u2019s history.<\/p>\n

Inside UNC3886\u2019s Cyber-Attack Against Singaporean Telcos<\/strong><\/h2>\n

The investigations have indicated that UNC3886 had launched a deliberate, targeted and well-planned campaign against Singapore\u2019s telecommunications companies which included M1, SIMBA Telecom, Singtel and StarHub.<\/p>\n

In one instance, the hacking group used a zero-day exploit to bypass a perimeter firewall installed at the target companies and gained access into one of the victims\u2019 networks. They also managed to exfiltrate a small amount of technical data, likely network-related data to advance the threat actors\u2019 operational objectives.<\/p>\n

In another instance, UNC3886 used advanced tools like\u00a0rootkits to maintain persistent access, cover its tracks and evade detection.<\/p>\n

\u201cThis made it challenging for cyber defenders to detect the actor\u2019s presence, requiring the cyber defenders to conduct comprehensive security checks across the networks,\u201d CSA wrote.<\/p>\n

The law enforcement effort was successful, since the UNC3886 attack \u201chas not resulted in the same extent of damage as cyber-attacks elsewhere.\u201d CSA wrote.<\/p>\n

The threat actor was able to gain unauthorised access into some parts of telco networks and systems but CSA stated that it found no evidence that the threat actor managed to disrupt telecommunications services or that sensitive or personal data were accessed or exfiltrated.<\/p>\n

The operation\u2019s cyber defenders have since implemented remediation measures, closed off UNC3886\u2019s access points and expanded monitoring capabilities in the targeted telcos.<\/p>\n

However, CSA said the telcos must \u201cmaintain vigilance against new attempts by UNC3886 to re-enter their networks.\u201d<\/p>\n

Josephine Teo, Singapore\u2019s Minister-in-charge of Cybersecurity, highlighted the important role played by critical infrastructure operators. \u201cYour actions, or inaction, can determine whether we succeed or fail in protecting our critical infrastructure, and our national security. I urge all of you to continue investing in upgrading your systems as well as your capabilities,\u201d she said.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

The Singapore government disrupted cyber-attacks attributed to Chinese-nexus cyber threat group UNC3886 which targeted the country\u2019s four telecommunications operators. The law enforcement operation, dubbed Operation Cyber Guardian, spanned from the summer of 2025 to early 2026 but remained secret until now. The Cyber Security Agency of Singapore (CSA) revealed what happened in a report published<\/p>\n","protected":false},"author":2,"featured_media":4468,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4467","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4467-d548f6ab-5b11-47bd-9acb-dfc15e93b97a-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4467"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4467\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4468"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}