- What: Singapore and its four major telecommunications firms fended off a China-linked cyberattack for 11 months.
- Impact: The attack aimed to disrupt communications and Internet access in Singapore.

Dark Reading

Singapore & Its 4 Major Telcos Fend Off Chinese Hackers

After detecting a zero-day attack, the country's effective response was attributed to the tight relationship between its government and private industry.

Robert Lemos, Contributing Writer
February 18, 2026

For 11 months, Singapore's cybersecurity agencies and four major telecommunications firms fought an invisible battle to block a China-linked cyberthreat actor from disrupting communications and Internet access, eventually succeeding in ousting the cyberattackers from their networks.

The operation, dubbed Cyber Guardian, involved more than 100 cyber-incident responders from multiple government agencies as well as the four major telecommunications companies serving Singapore — M1, Simba Telecom, Singtel, and StarHub, according to a description of the incident published by Singapore's Cyber Security Agency (CSA). The cyber-threat group, identified as China-linked actor UNC3886, deployed "advanced tools" as part of its operation, including a zero-day exploit to bypass a perimeter firewall and rootkits to maintain persistence, the CSA stated in the incident report.

Overall, Singapore's CSA and the Infocomm Media Development Authority (IMDA) have found no evidence that the attackers compromised personal data or disrupted any telecommunications service or access to the Internet.
The attackers did gain unauthorized access to some telecommunications networks and systems, including critical systems, but were not able to parlay that access into service disruptions, the CSA stated.

"[O]ur investigations have indicated that UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," the CSA stated in its incident report, adding: "The threat actor's activities were initially detected by the telcos, who then notified IMDA and CSA of the breach."

The incident is the latest attack by China's cyber-operations groups against telecommunications firms and critical infrastructure. Nearly a dozen telecommunications and networking firms in the US — including Verizon, T-Mobile, and AT&T — have found signs of Salt Typhoon in their systems. The cyber-threat actor even breached some US states' National Guard systems for nearly a year.

The Chinese Salt Typhoon group also targeted a Canadian telecommunications firm last year, according to a government notice. The attacks led US security agencies to warn of China's "global espionage system" last August, but the US government reportedly backed off imposing sanctions on the country to smooth trade negotiations.

Telecommunications Under Attack

The attack on Singapore's telecommunications sector evolved in its sophistication and, because it targeted critical information infrastructure (CII), could have caused significant disruption, says Lim May-Ann, executive director for the Coalition for Cybersecurity in Asia Pacific (CCAPAC) and director at Access Partnership, an independent global advisory and public policy firm.

"The attack was very well-planned," she says. "APTs are systemic attacks, and the fact that this was ...
on Singapore's CII meant that the target was strategically identified as a critically important sector to attack [and] that this was a well-thought out operation."

Overall, Singaporean authorities collaborated with the telecommunication firms to limit UNC3886's access to and movement through the networks. To a large degree, the effort was successful, the CSA stated.

The incident and Singapore's strong response show the benefit of a strong public-private partnership, says Agnidipta Sarkar, chief evangelist at zero-trust security provider ColorTokens.

"Singapore's telcos maintained an unaffected service through effective breach containment and resilience as cyberattacks continued," he says. "This, coupled with the unprecedented public-private coordination, transparent attribution and naming, and proactive hardening post-incident, hitherto not seen in any other country in the world, demonstrates the commitment to collaborative cyber defense that leaders in Singapore are driving."

The incident highlights that China is developing a strong expertise in compromising critical infrastructure and telecommunications systems, says Collin Hogue-Spears, a senior director of solution management at application-security firm Black Duck.

"Beijing-affiliated groups are building a telecom targeting library one allied nation at a time," he says, adding, "No customer records were stolen. No services were disrupted. No ransom was demanded. UNC3886 spent 11 months inside four national carriers collecting network blueprints."

What Singapore Did Right

However, the collaborative effort also shows that intelligence sharing can work, but only if the information and infrastructure are responsive to threats, says Trey Ford, chief strategy and trust officer at Bugcrowd, a crowd-sourced security firm.
"Singapore's response seems to reinforce the fact that the close relationship between the government and private industry can make for a strong cybersecurity response," he says.

While the US and European Union have repeatedly called for public-private partnerships, the efforts often result in one-sided relationships because "in practice, defenders rarely see actionable intelligence flowing back to the private sector," Ford says.

The CSA incident report also highlighted the danger that state-sponsored cyberattacks pose to critical infrastructure.

"While our collective efforts have contributed to containing the attacks so far, we must be prepared that there may be future attempts to gain access into our telco infrastructure," the agency stated. "Telcos are strategic targets for threat actors, including state-sponsored ones. They play a foundational role in powering the digital economy and transmit vast amounts of information, including sensitive data. If threat actors succeed in attacking our telcos, they have the potential to undermine our national security and our economy."

Naming the actual group that attacked Singapore also shows that the country is being transparent about its approach to cybersecurity, says CCAPAC's Lim.

"From a cybersec concern perspective," she says, "the fact that SG has chosen to clearly name UNC3886 as the attacking group is a strong signal to the public and other nations that, one, SG's cyber defenses are in place, and, two, that it is a shared responsibility between critical infrastructure players and the public sector to safeguard national interests."

About the Author

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News.
Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.