82/69 Wednesday, February 11, 2026
The hacker group known as UNC3886 has breached the networks of Singapore’s four largest telecommunications providers—Singtel, StarHub, M1, and Simba-at least once over the past year. The Cyber Security Agency of Singapore (CSA) described the incident as a well-planned and highly targeted operation. Threat actors reportedly exploited zero-day vulnerabilities to bypass firewall defenses and deployed rootkits to conceal their presence and maintain persistence without the knowledge of system administrators. However, the intrusion was not deep enough to disrupt core service operations.
To counter the threat, Singapore authorities launched Operation Cyber Guardian, mobilizing more than 100 investigators from six government agencies to take immediate control of the situation upon receiving reports of the breach. The investigation confirmed that although the attackers gained limited access to critical systems, there was no evidence indicating that sensitive customer data had been stolen, and no service disruptions were reported. Rapid response measures also helped close entry points and prevented the attack from spreading to other critical national infrastructure sectors, including banking, transportation, and healthcare.
Josephine Teo, Singapore’s Minister for Digital Development and Information, emphasized that although the damage was not as severe as some cyber incidents seen overseas, the case serves as an important reminder of the need for strong cyber defense. UNC3886 has been monitored by Mandiant researchers since 2023 and has a track record of exploiting zero-day vulnerabilities in devices such as FortiGate and VMware to target government and technology organizations worldwide. The incident bears similarities to attacks attributed to the Salt Typhoon group in the United States and Canada. However, Singapore authorities have not disclosed the technical details of the zero-day vulnerabilities or the specific products used in this attack.
