
China-linked APT UNC3886 targets Singapore telcos


China-linked group UNC3886 targeted Singapore’s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed.

The Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations have shown that China-linked UNC3886 launched a targeted campaign against all four major telcos (M1, SIMBA Telecom, Singtel, and StarHub), aiming at critical infrastructure with deliberate and well-planned attacks.

UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits. Its primary focus is on defense, technology, and telecommunications sectors in the US and Asia.

In 2023, the APT group targeted multiple government organizations using the Fortinet zero-day CVE-2022-41328 to deploy custom backdoors. UNC3886 prioritizes stealth by using passive backdoors and tampering with logs and forensic artifacts to ensure long-term persistence while evading detection.

“On 18 July 2025, Coordinating Minister for National Security Mr K Shanmugam shared that Advanced Persistent Threat (APT) actor UNC3886 had been detected attacking our critical infrastructure,” reads the report published by CSA. “Over the past months, our investigations have indicated that UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector. All four of Singapore’s major telecommunications operators (“telcos”) – M1, SIMBA Telecom, Singtel and StarHub – have been the target of attacks.”

UNC3886, a highly skilled APT group, targeted Singapore’s telcos using advanced methods over time. They exploited a zero-day to bypass a firewall and access networks, exfiltrating mainly network-related data. They also deployed rootkits to maintain persistent access, hide their activities, and evade detection, forcing cyber teams to perform thorough checks across all affected networks.

Singapore’s telcos spotted a breach by UNC3886 and promptly notified the IMDA and CSA. This started Operation CYBER GUARDIAN, Singapore’s biggest coordinated cyber response, lasting over 11 months.

“Under Operation CYBER GUARDIAN, the authorities worked closely with the telcos to limit UNC3886’s movement into the networks and ensure our systems remain safe to use. So far, the attack by UNC3886 has not resulted in the same extent of damage as cyberattacks elsewhere,” continues the report. “The threat actor was able to gain unauthorised access into some parts of telco networks and systems. In one instance, they were able to gain limited access to critical systems but did not get far enough to have been able to disrupt services.”

More than 100 cyber experts from different agencies worked with the telcos to stop the attackers, limit their access, and secure systems. The attackers gained only partial access, without stealing data or disrupting services. Authorities fixed weaknesses, blocked access points, and increased monitoring. This teamwork between the government and telcos shows Singapore’s strong national cyber defence.

The fight isn’t over. Even though efforts so far have contained the attacks, future attempts to breach telco systems remain possible. Telcos are key targets, handling vast data and supporting the digital economy, making successful attacks a threat to national security and the economy.

The government takes this seriously. CSA and IMDA are working with telcos to strengthen defences, improve detection, and monitor for UNC3886. Telcos are conducting joint threat hunting, penetration testing, and capability upgrades. CSA will also roll out initiatives to boost skills across the cyber ecosystem for faster, stronger responses.

Minister Josephine Teo thanked cyber defenders for their work in Operation CYBER GUARDIAN and urged continued vigilance.

“Your actions, or inaction, can determine whether we succeed or fail in protecting our critical infrastructure, and our national security,” said Minister Josephine Teo. “I urge all of you to continue investing in upgrading your systems as well as your capabilities.”


Pierluigi Paganini

(SecurityAffairs – hacking, China)