Singapore's government has attributed a recent cyber-espionage attack to a known group linked to China, targeting its four leading telecommunications companies.
In an announcement made on Monday, officials revealed that the hackers, identified as UNC3886, infiltrated the nation's telecom infrastructure, affecting major players like Singtel, StarHub, M1, and Simba Telecom. This marks the first time Singapore has publicly acknowledged the specific group behind the attack, which had previously been described as an unspecified threat to critical infrastructure.
Despite the breach, K. Shanmugam, the coordinating minister for national security, stated that while some systems were accessed, there was no disruption to services or exposure of personal data.
The cybersecurity firm Mandiant, a subsidiary of Google, has previously associated UNC3886 with espionage activities likely conducted on behalf of the Chinese government. Known for its cyber-espionage initiatives, China has been linked to various global cyber operations.
UNC3886 has a reputation for exploiting zero-day vulnerabilities in essential network devices, including routers and firewalls, which often evade detection by conventional security measures. The group has targeted sectors such as defense, technology, and telecommunications across the U.S. and the Asia-Pacific.
In this recent incident, the hackers employed sophisticated tools, including rootkits, to maintain long-term access to the systems. Shanmugam noted that the intruders managed to gain limited access to critical systems but did not disrupt services.
The affected telecom companies issued a joint statement, acknowledging that they routinely encounter distributed denial-of-service and other malware attacks. They emphasized their commitment to employing robust defense mechanisms and promptly addressing any detected issues.
This incident in Singapore follows a series of cyberattacks on telecom companies worldwide, including those in the United States, attributed to a different China-backed group known as Salt Typhoon. However, Singapore's officials have indicated that the damage from the UNC3886 attack was not as severe as those experienced in other regions.