
"UNC3886 launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector. All four of Singapore's major telecommunications operators - M1, SIMBA Telecom, Singtel and StarHub - have been the target of attacks,"
"There is no evidence to-date that sensitive or personal data such as customer records were accessed or exfiltrated. There is also no evidence that the threat actor managed to disrupt telecommunications services such as internet availability,"
"While our collective efforts have contributed to containing the attacks so far, we must be prepared that there may be future attempts to gain access into our telco infrastructure. Telcos are strategic targets for threat actors, including state-sponsored ones,"
Singapore's cybersecurity agency CSA and the Infocomm Media Development Authority (IMDA) attributed a targeted cyberespionage campaign against all four major telecommunications operators—M1, SIMBA Telecom, Singtel, and StarHub—to UNC3886, an APT active since at least 2021. The group exploited vulnerabilities in Ivanti, Juniper, and VMware products and used advanced tooling including a firewall zero-day and rootkits to achieve limited, persistent access to parts of telco networks and obtain a small amount of technical data. Investigations found no evidence to date of sensitive or personal data exfiltration or service disruption. Remediation, access closure, and expanded monitoring are underway, with preparations for possible future intrusion attempts.
Read at SecurityWeek