Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

UNC3886 campaign against Singapore telecommunications sector

Campaign
First reported
Last updated
Happening score
H score 47
1 unique sources, 1 articles

Summary

Hide ▲

UNC3886 mounted a deliberate espionage campaign against Singapore's telecommunications sector, putting all four major telcos at risk. The operation targeted M1, SIMBA Telecom, Singtel, and StarHub and was active since at least 2022. Attackers used edge devices and virtualization technologies to gain initial access, then deployed rootkits and a zero-day exploit in at least one case. The campaign matters because it reached into critical telco systems even though authorities found no evidence of customer-data exfiltration or internet outages.

Related Happenings

UNC6201 Dell RecoverPoint for Virtual Machines zero-day campaign

Campaign
First: 17.02.2026 22:15 Last: 17.02.2026 22:15 Sources 1

About this happening: The **UNC6201** campaign has been exploiting a **Dell zero-day** since **mid-2024**, creating a sustained risk of unauthorized access and stealthy movement across victims' virtual...

Latest development: 19.02.2026 17:30

CISA added CVE-2026-22769 to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to secure affected Dell RecoverPoint systems by Saturday, February 21, after Mandiant and Google Threat Intelligence Group (GTIG) said UNC6201 had exploited the flaw since at least mid-2024.

Open Happening

Singapore disrupts UNC3886 telco intrusion campaign

Law Enforcement
First: 10.02.2026 14:30 Last: 10.02.2026 14:30 Sources 1

About this happening: **Singapore** disrupted **UNC3886** attacks against the country's **four telecommunications operators**, ending a secret **11-month** counter-cyber operation. The effort, known as...

Open Happening

Singtel hit by data theft breach

Incident
First: 10.02.2026 00:47 Last: 10.02.2026 00:47 Sources 1

About this happening: A confirmed **UNC3886** breach of **Singapore’s four largest telcos**—**Singtel, StarHub, M1, and Simba**—created a multi-organization compromise risk across a critical national c...

Open Happening

Chinese threat actor campaigns against Taiwanese critical infrastructure in 2025

Campaign
First: 07.01.2026 16:00 Last: 07.01.2026 16:00 Sources 1

About this happening: **Chinese cyber threat actors** intensified **campaigns against Taiwanese critical infrastructure** in **2025**, putting **energy**, **healthcare**, **communications**, **administ...

Open Happening

Tenfold rise in China-linked cyberattacks against Taiwan's energy sector in 2025

Target Trend
First: 07.01.2026 00:27 Last: 07.01.2026 00:27 Sources 1

About this happening: **China-linked cyberattacks** against **Taiwan's energy sector** surged by **1,000% / tenfold** in **2025**, signaling a sharp escalation against **critical infrastructure**. The...

Open Happening

Timeline

  1. 09.02.2026 19:01 2 articles · 3mo ago

    CSA reveals UNC3886 campaign against Singapore telcos

    Initial Disclosure

    Cyber Security Agency (CSA) of Singapore disclosed that UNC3886 mounted a deliberate, targeted, well-planned campaign against Singapore's telecommunications sector, with all four major telcos—M1, SIMBA Telecom, Singtel, and StarHub—identified as targets. CSA said the group used a zero-day exploit to bypass a perimeter firewall, deployed rootkits for persistent access, and gained unauthorized access to some telco networks and systems, while noting no evidence of customer-record exfiltration or internet outages. The agency also said it mounted CYBER GUARDIAN, closed off UNC3886 access points, and expanded monitoring in the targeted telcos.

    Show sources
    Open in new tab