Chinese hackers infiltrated Singapore's telcos, but no data leaked
What's the story
Singapore's government has confirmed that a known Chinese cyber-espionage group, UNC3886, targeted four of its largest telecommunication companies. The attack was part of a months-long campaign against the country's telecom infrastructure. The firms affected were Singtel, StarHub, M1 and Simba Telecom. Despite the breach, no services were disrupted or personal data compromised during this incident.
Hacking tactics
UNC3886 exploits 0-day vulnerabilities in routers, firewalls
UNC3886 is notorious for exploiting zero-day vulnerabilities in routers, firewalls, and virtualized environments. These are areas that cybersecurity tools designed to detect malware usually can't reach. The group has previously targeted defense, technology, and telecom industries across the US and Asia-Pacific region. In Singapore's case, the hackers used advanced tools like rootkits to gain long-term access to the telcos' systems.
Government statement
Limited access to critical systems
K. Shanmugam, Singapore's Coordinating Minister for National Security, said the hackers gained limited access to critical systems but didn't go far enough to disrupt services. The affected telcos also released a joint statement acknowledging that they regularly face distributed denial-of-service and other malware attacks. They said they adopt defense-in-depth mechanisms to safeguard their networks and conduct prompt remediation when any issues are detected.
Damage assessment
Not as damaging as Salt Typhoon hacks
The attack by UNC3886 on Singapore's telcos has not caused as much damage as other cyberattacks around the world. The comparison was in reference to the Salt Typhoon hacks that targeted hundreds of telecom companies globally, including in the US. Multiple governments have linked such attacks to a China-backed group known as Salt Typhoon.