Singapore’s government has blamed a Chinese cyber-espionage group for allegedly targeting four major Chinese telecommunications companies as part of a months-long attack.
Singapore confirmed for the first time in a statement on Monday that hackers known as UNC3886 had targeted the country’s telecoms infrastructure, including some of the country’s largest companies such as Singtel, StarHub, M1 and Simba Telecom. The government previously said it was responding to unspecified attacks on critical infrastructure.
The intruders were able to breach and gain access to some systems, but did not disrupt services or access personal information, said K. Shanmugam, the Coordinating Minister for National Security.
Mandiant, the Google-owned cybersecurity arm, previously linked UNC3886 to a spy group possibly operating on behalf of China. According to Reuters, the Chinese government is known to conduct regular cyber espionage operations and prepare destructive attacks ahead of an expected invasion of Taiwan, claims China routinely denies.
UNC3886 is known to exploit zero-day vulnerabilities in routers, firewalls, and virtualized environments that are typically inaccessible to cybersecurity tools designed to detect malware. The hacking group targeted the defense, technology, and telecommunications industries in the United States and the Asia-Pacific region.
Shanmugam said that in the case of the attack on Singapore’s top telco, hackers used advanced tools such as rootkits to achieve long-term persistence on the systems.
“In some cases, they were able to gain limited access to critical systems, but did not reach far enough to disrupt service,” according to a government statement.
The carriers said in a joint statement that companies regularly face distributed denial of service (DDoS) and other malware attacks, according to Reuters. “We have adopted defense-in-depth mechanisms to protect our network and take immediate remediation when issues are discovered,” the statement said.
The attack on Singapore’s telecom carrier follows similar but distinctly different attacks on hundreds of telecoms across the world, including in the United States, in recent years. Several governments have linked these attacks to a Chinese-backed group called Salt Typhoon.
Singapore said the attack carried out by UNC3886 “did not cause the same degree of damage as cyberattacks elsewhere,” referring to the Salt Typhoon hack.
