Singapore’s cyber watchdog has disclosed that an advanced cyber espionage group — UNC3886, with which APT10 and Red October have been linked — was behind attacks that targeted the four major telecom operators last year. The affected companies were Singtel, StarHub, M1 and Simba Telecom, which collectively provide the backbone of Singapore’s communications infrastructure. The authorities said this is the first time they have publicly acknowledged that the group’s targets have included telecommunications networks, highlighting how these systems are increasingly viewed as vital to national security.
Although the hackers were able to gain access to some areas of the operators’ networks, the Cyber Security Agency of Singapore said that no disruptions were caused to services and that no data belonging to customers was stolen. The breaches were deemed to be orchestrated to be stealthy, rather than loud, investigators said, with the hackers taking a sideways route through compromised networks inside chosen segments, rather than triggering massive outages. Officials stressed the incident was isolated and that there is no indication that the end users were directly affected and cautioned that the breaches are a serious security issue even if the attacks didn’t seem to affect them.
The hackers were able to extract a limited amount of technical information from the telecom environments, primarily network‑related data such as configuration details and system metadata. Singapore’s cyber agency believes this information was stolen to support the group’s longer‑term operational objectives, including planning future intrusions, improving their understanding of the infrastructure and identifying potential weak points. While the volume of exfiltrated data was described as small, officials cautioned that even narrow slices of high‑value technical data can significantly enhance a sophisticated actor’s capabilities.
Google‑owned cybersecurity firm Mandiant has profiled UNC3886 as a highly advanced “China‑nexus” espionage group that has previously targeted defence, technology and telecommunications organisations in both the United States and Asia. Beijing routinely rejects allegations that it conducts or sponsors cyber espionage, insisting that China opposes all forms of cyberattacks and is itself a victim of malicious cyber activity. The Chinese Embassy in Singapore did not immediately respond to requests for comment on the latest disclosures about UNC3886.
In a joint statement, Singtel, StarHub, M1 and Simba Telecom acknowledged that they regularly face a wide spectrum of cyber threats, ranging from distributed denial‑of‑service attacks and malware to phishing campaigns and more persistent, stealthy intrusions. The operators said they employ “defence‑in‑depth” strategies, combining layered security controls with continuous monitoring and prompt remediation when suspicious activity is detected. They added that they work closely with government agencies and industry experts to strengthen the resilience of Singapore’s telecom infrastructure as cyber adversaries grow more capable.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: