Singapore’s government has accused a well-known Chinese cyber espionage group of targeting four of its top telecommunications companies as part of a months-long attack.
In a statement on Monday, Singapore confirmed for the first time that the hackers, known as UNC3886, targeted the country’s telecommunications infrastructure, including its biggest companies: Singtel, StarHub, M1 and Simba Telecom. The government previously said it was responding to an unspecified attack on its critical infrastructure.
While the attackers were able to breach and gain access to some systems, they did not disrupt services or access personal information, said K. Shanmugam, the country’s coordinating minister for national security.
Mandiant, a cybersecurity unit owned by Google, previously identified UNC3886 as an espionage group likely working on behalf of China. The Chinese government is known to conduct regular cyber-espionage operations, and to plan subversive attacks ahead of an expected invasion of Taiwan, which Beijing consistently denies, according to Reuters.
UNC3886 is known for exploiting zero-day vulnerabilities in routers, firewalls, and virtualized environments, which cybersecurity tools designed to detect malware typically cannot reach. The hacking team has targeted the defense, technology and telecommunications industries throughout the US and the Asia-Pacific region.
In the case of the attack on Singapore’s top telcos, Shanmugam said hackers used advanced tools, such as rootkits, to gain long-term persistence on their systems.
“In one instance, they were able to gain limited access to critical systems, but not enough to be able to disrupt services,” according to the government’s statement.
According to Reuters, the telcos said in a joint statement that companies regularly face distributed denial-of-service and other malware attacks. “We adopt defense-in-depth mechanisms to protect our networks and perform immediate remediation when problems are detected,” the statement said.
The attacks on Singapore’s telecoms follow similar but distinct attacks on hundreds of telecommunications companies around the world in recent years, including in the United States. Many governments have linked these attacks to a China-backed group called Salt Typhoon.
Singapore said the attack carried out by UNC3886 “did not have the same degree of damage as cyber attacks elsewhere”, referring to the Salt Typhoon breaches.
