Singapore says Chinese-backed hackers have targeted the four largest phone companies

The Singapore government has blamed a well-known Chinese cyber espionage group for targeting four of the largest telecommunications companies as part of a months-long attack.

In a statement on Monday, Singapore confirmed for the first time that the hackers, known as UNC3886, targeted the country’s telecoms infrastructure, including its largest companies: Singtel, StarHub, M1 and Simba Telecom. The government previously said it was responding to an unspecified attack on its critical infrastructure.

K said. Shanmugam, the country’s coordinating minister for national security, said while hackers were able to infiltrate and access some systems, they did not disrupt services or access personal information.

Google-owned cybersecurity unit Mandiant had previously linked UNC3886 as an espionage group potentially working on behalf of China. The Chinese government is known to conduct regular cyber espionage operations, as well as prepare for sabotage attacks ahead of an expected invasion of Taiwan, something Beijing has routinely denied, according to Reuters.

UNC3886 is known to exploit zero-day vulnerabilities in routers, firewalls, and virtual environments, where cybersecurity tools designed to detect malware typically cannot reach. The hacking group targeted the defense, technology, and communications industries across the United States and the Asia-Pacific region.

In the case of the attack on major telecom companies in Singapore, Shanmugam said the hackers used advanced tools, such as rootkits, to gain long-term stability of their systems.

“In one case, they had limited access to critical systems, but not sufficiently far to be able to disrupt services,” the government statement said.

According to Reuters, the telecom companies said in a joint statement that companies regularly face distributed denial of service attacks and other malware attacks. “We adopt defense-in-depth mechanisms to protect our networks and conduct rapid remediation when any issues are detected,” the statement read.

The attacks on telecom companies in Singapore follow similar but distinctly different attacks on hundreds of telecom companies around the world in recent years, including the United States. Multiple governments have linked these attacks to a Chinese-backed group dubbed “Salt Typhoon.”

Singapore said the attack carried out by UNC3886 “did not cause the same amount of damage as cyberattacks elsewhere,” referring to the Salt Typhoon hacks.