UNC3886 accessed Singapore’s four main telecommunication providers—Singtel, StarHub, M1, and Simba—at least once last year. On 18 July 2025, Minister Mr. K Shanmugam announced that the APT group UNC3886 had been found targeting Singapore’s critical infrastructure, but no further details were provided at the time for security reasons.
Recent investigations by the Cyber Security Agency (CSA) show that UNC3886 launched a targeted campaign against Singapore’s telecommunications sector, namely all four major operators—M1, SIMBA Telecom, Singtel, and StarHub.
CSA reported that UNC3886 used advanced methods over time, deploying sophisticated tools to gain access to the telcos’ systems. The group used a zero-day exploit to bypass a telco perimeter firewall and gained access to the telco networks. It also managed to exfiltrate a small amount of technical data, believed to be primarily network-related data intended to advance the threat actors’ operational objectives.
The threat actor also utilised advanced tools and techniques such as rootkits to maintain persistent access, cover its tracks and evade detection. This made it challenging for cyber defenders to detect its presence and required them to conduct comprehensive security checks across the networks.
CSA and IMDA reported suspicious activity at the telcos and assigned over a hundred investigators from six government agencies to Operation CYBER GUARDIAN.
“So far, the attack by UNC3886 has not resulted in the same extent of damage as cyberattacks elsewhere,” stated the country’s Minister for Digital Development and Information, Josephine Teo, earlier today at an official engagement event.
“This is not a reason to celebrate; rather, it is to remind ourselves that the work of cyber defenders matters,” the Minister said.
UNC3886 has been tracked by Mandiant researchers since 2023, targeting government, telecommunication, and technology firms by exploiting zero-day flaws in FortiGate firewalls (CVE-2022-41328), VMware ESXi (CVE-2023-20867), and VMware vCenter Server endpoints (CVE-2023-34048).
InfoSecBulletin Cybersecurity for mankind