, Singapore
690 views
Photo by Sora Shimazaki via Pexels

Hackers breach all four major Singapore telcos: Teo

Technical network data was stolen during a targeted strike although officials say no customer personal records were accessed.

Singapore's four major telecommunications companies were all revealed to have been targeted by the Advanced Persistent Threat (APT) actor UNC3886 in a campaign against the city-state’s critical infrastructure.

“Our investigations have indicated that UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector. All four of Singapore’s major telecommunications operators – M1, SIMBA Telecom, Singtel and StarHub – have been the target of attacks,” said Minister for Digital Development and Information Josephine Teo.

The attack was first announced in July 2025.

Teo said that UNC3886 deployed advanced tools in their campaign to gain access to the telco systems. For instance, they used a zero-day exploit to bypass the perimeter firewall of the telcos and gained access to the networks. They also exfiltrated a small amount of technical data believed to be primarily network-related.

After the telco detected and notified authorities of the breach, the Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) worked with relevant agencies to contain the attack.

“The operation, codenamed Operation CYBER GUARDIAN, is Singapore’s largest coordinated cyber incident response effort undertaken to date, spanning more than eleven months,” Teo said.

“So far, the attack by UNC3886 has not resulted in the same extent of damage as cyberattacks elsewhere,” the official noted.

However, UNC3886 was able to gain access to some parts of the telco networks and systems. For instance, they were able to again access to the periphery of critical systems, but not so much that they could disrupt services.

The government said that there is currently no evidence that sensitive or personal data, such as customer records were accessed or exfiltrated. There are also no indications that the attackers managed to disrupt telecommunications services, such as internet availability.

“Cyber defenders have since implemented remediation measures, closed off UNC3886’s access points and expanded monitoring capabilities in the targeted telcos,” Teo said.

The official also said that the government is working with telcos to strengthen Singapore’s cyberdefences, enhance detection capabilities, and deploy active monitoring systems. Companies are also rolling out initiatives, such as joint threat hunting, penetration testing, and levelling up of capabilities.

Follow the link s for more news on

Join Singapore Business Review community
A NOTE FROM SINGAPORE BUSINESS REVIEW

The people you want to reach are already in this room.

Every quarter, SBR lands on the desks of the founders, CFOs, and directors running Asia's most consequential companies. Every day, they open our newsletter and read our website. It's a room that took twenty years to build — and it's the one most of our partners are trying to get into.

The good news is that the door is open. We work with companies on thought leadership articles, sponsored content, industry summits across Southeast Asia, regional awards programmes, podcasts, and media placements in print and digital. The shape of the right partnership depends on what you're trying to do, which is why we'd rather start with a conversation than send a rate card.


If you have something this room should know about, tell us. We'll tell you honestly whether we can help, and how.

No rate cards until we understand the brief. It's a better use of everyone's time.