In a striking revelation, all four principal telecommunications companies in Singapore have recently been targeted by a state-sponsored cyber espionage group known as UNC3886. This development marks a significant moment in the ongoing battle against cyber threats, with the group's malicious activities aimed at disrupting critical services in Singapore first coming to light in July 2025.
Fortunately, authorities have confirmed that no sensitive information was breached or extracted, and vital systems such as the 5G core remained intact. On February 9, during an event honoring the contributions of cyber defenders against UNC3886, Minister for Digital Development and Information Josephine Teo disclosed that Singtel, StarHub, M1, and Simba Telecom were specifically identified as targets of this coordinated attack. She stated, "Our investigations reveal that the actions of UNC3886 were not random; they were part of a deliberate, targeted, and meticulously planned campaign against our telecommunications sector."
This announcement came during an event held at the Cyber Security Agency of Singapore (CSA) office in Punggol Digital District, where Teo acknowledged the valiant efforts of those defending against these cyber threats.
Investigations indicated that while the attackers managed to extract a limited amount of technical data and accessed some critical systems, they did not succeed in disrupting any services. The Infocomm Media Development Authority (IMDA) and CSA further assured the public that the most sensitive and essential systems, particularly those related to 5G networks, were securely isolated and remained uncompromised.
Despite the lack of stolen sensitive data, Teo emphasized that the implications of these attacks should not be underestimated. "Firstly, these attackers demonstrate a capability to access sensitive information for espionage purposes. Secondly, they possess the potential to deploy additional tools to disrupt telecommunications and internet services, which could ultimately affect everything reliant on phone or internet connectivity," she warned.
She elaborated on the potential cascading effects of these cyber assaults, mentioning that disruptions could extend to crucial sectors like banking, finance, transportation, and healthcare services. Teo, who also oversees Cybersecurity and Smart Nation initiatives in Singapore, drew attention to the severe consequences of compromised telecom infrastructure, citing a notable incident in Korea where the SIM data of approximately 27 million users was exposed following an attack on SK Telecom in April 2025. Moreover, U.S. authorities reported in the same year that an advanced persistent threat (APT) group named Salt Typhoon had infiltrated numerous U.S. telecommunications providers, potentially accessing sensitive military or law enforcement information.
Teo noted that successful cyberattacks can undermine confidence in Singapore’s reputation as a global financial and logistics hub. Many multinational corporations choose to establish their global headquarters in Singapore due to its reliable and secure digital connectivity. "If businesses perceive uncertainty regarding our systems—whether they are secure, resilient, and dependable—they may hesitate to operate here," she asserted.
The Minister urged vigilance and stressed the importance of the diligent work performed by cyber defenders and the need for proactive communication. Although the suspicious activities detected by the telecommunications companies back in March 2025 did not reach the threshold required for issuing an alert, the companies promptly reported these anomalies to the CSA. This action initiated a coordinated multi-agency response, dubbed Operation Cyber Guardian, which represents Singapore's largest collaborative cyber defense effort to date, involving over 100 cyber defenders from six government agencies, including the CSA, IMDA, Singapore Air Force's Digital and Intelligence Service, Centre for Strategic Infocomm Technologies, Internal Security Department, and GovTech.
"Thus far, our adversaries have not managed to penetrate deeper into our telecommunication networks," Teo confirmed.
Further investigations revealed that UNC3886 gained initial access through a zero-day vulnerability—a previously unknown flaw lacking a fix—located at the perimeter firewall. Teo likened this breach to "discovering a new key that no one else had found to open locked doors."
To bolster defenses, additional measures have been implemented to enhance detection capabilities, redesign network structures, and strengthen systems against future attacks. The practice of 'purple teaming,' which involves simulated attacks and defensive strategies to evaluate and improve organizational security, has been employed to ensure that remediation efforts are effective.
However, Teo cautioned that despite these proactive measures, there is no assurance against ongoing attempts to infiltrate Singapore’s critical infrastructure in the future. APTs, often backed by nation-states with substantial resources in technology and personnel, are persistent and will not easily relent. "In summary, the struggle continues, and we must all play our part in this fight," she concluded.
She also called upon operators of critical infrastructure—many of which are private enterprises—to persist in investing in system upgrades and enhancing their capabilities. "You stand on the front lines in the battle against cyber threats. Your decisions, whether to act or remain inactive, can significantly influence our success or failure in safeguarding our critical infrastructure and national security," Teo articulated.
In a collaborative statement, the four telecommunications companies acknowledged that all operators face a variety of cyber threats, including distributed denial of service attacks, malware, phishing, and increasingly sophisticated advanced persistent threats. "We implement defense-in-depth strategies to safeguard our networks and swiftly address vulnerabilities when identified. Additionally, we collaborate closely with governmental agencies and industry experts to enhance our security and resilience," the telcos asserted. They reaffirmed that the protection of critical infrastructure remains their highest priority, and they are committed to adapting alongside the evolving landscape of cyber threats.