JAKARTA - The Singapore government revealed that the country's four major telecommunications companies were targeted by an international cyber espionage group last year. The Singapore Cyber Security Agency (CSA) said the attack targeted strategic telecommunications infrastructure, although it did not disrupt public services.
In its statement on Monday, February 9, CSA said Singtel, StarHub, M1, and Simba Telecom were attacked by the UNC3886 hacker group. This group is known as a highly sophisticated and target-oriented cyber espionage actor with strategic value.
"The hackers managed to penetrate and gain access to several parts of the telecommunications system, but were unable to disrupt services and did not access customer personal data," the CSA said.
However, the Singapore cyber security authority admitted that the group had managed to extract a small portion of technical data. "They also managed to extract a small amount of technical data; this data is believed to be mainly network data intended to support the operational objectives of threat actors," said the CSA.
Google's cybersecurity company, Mandiant, previously classified UNC3886 as a Chinese-linked espionage group. According to Mandiant, this group has launched attacks on defense, technology, and telecommunications organizations in the United States and Asia.
The Chinese government has consistently denied accusations of involvement in cyber espionage. Beijing says it opposes all forms of cyber attacks and instead claims to often be the victim of cybercrime. Until this news was released, the Chinese Embassy in Singapore had not responded to Reuters' request for comment.
This statement released on Monday is the first time the Singapore government has publicly revealed the type of infrastructure that is the target of the UNC3886 group. In July 2025, the government only said it was dealing with cyber attacks on "high-value strategic assets" without detailing the sector.
In a joint statement, the four telecommunications operators confirmed that cyber threats are a risk faced by all industries. They said attacks could take the form of distributed denial-of-service, malware, phishing, to advanced threats that are persistent.
"We implement layered defense mechanisms to protect the network and conduct rapid mitigation when problems are detected," the four companies said in a joint statement. They also added that cooperation with government agencies and industry experts continues to be carried out to improve the security and resilience of the system.
This case underscores that in the digital age, fiber optic cables and servers are as strategic as ports and airports. Attacks that are not visible to the public could be more valuable than visible disruptions, and Singapore seems to want to make sure the message gets through, without having to wait for the network to completely go dark.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
