Singapore says China-backed hackers targeted its four largest phone companies | TechCrunch
Singapore’s government has blamed a known Chinese cyber-espionage group for targeting four of its top telecommunication companies as part of a months-long attack.
In a statement Monday, Singapore confirmed for the first time that the hackers, known as UNC3886, targeted the country’s telecoms infrastructure, including its largest companies: Singtel, StarHub, M1, and Simba Telecom. The government previously said that it was responding to an unspecified attack on its critical infrastructure.
While the intruders were able to breach and access some systems, they did not disrupt services or access personal information, said K. Shanmugam, the country’s coordinating minister for national security.
Google-owned cybersecurity unit Mandiant previously described UNC3886 as an espionage group likely working on behalf of China. The Chinese government is known to conduct regular cyber-espionage operations, as well as prepositioning for disruptive attacks ahead of an anticipated invasion of Taiwan, which Beijing has routinely denied, per Reuters.
UNC3886 is known for exploiting zero-day vulnerabilities in routers, firewalls, and virtualized environments, where cybersecurity tools that are designed to spot malware cannot typically reach. The hacking group has targeted the defense, technology, and telecom industries across the U.S. and the Asia-Pacific region.
In the case of the attack on Singapore’s top telcos, Shanmugam said the hackers used advanced tools, like rootkits, to gain long-term persistence on the companies’ systems.
“In one instance, they were able to gain limited access to critical systems but did not get far enough to have been able to disrupt services,” according to the government’s statement.
Per Reuters, the telcos said in a joint statement that the companies regularly face distributed denial-of-service and other malware attacks. “We adopt defence-in-depth mechanisms to protect our networks and conduct prompt remediation when any issues are detected,” the statement read.
The attacks on Singapore’s telcos follow similar but distinct attacks on hundreds of telecoms companies around the world in recent years, including in the United States. Multiple governments have linked these attacks to a China-backed group dubbed Salt Typhoon.
Singapore said the attack carried out by UNC3886 has “not resulted in the same extent of damage as cyberattacks elsewhere,” referring to the Salt Typhoon hacks.
