
"The Cyber Security Agency of Singapore said advanced persistent threat UNC3886 dug itself into the networks of all four major telecom providers, sparking an 11-month digital eviction effort involving more than 100 personnel from across government, military, intelligence, and industry. Branded "Operation Cyber Guardian," the cleanup saw the state and telco engineers teaming up to flush the intruders out while keeping the nation's phone and data pipes flowing."
"According to Singapore's account, the attackers slipped past perimeter defenses using a previously unknown flaw, then dug in using custom rootkits that let them stay hidden deep inside telecom systems. Officials didn't say what bugs had been exploited, but UNC3886 was previously observed exploiting zero-day flaws in FortiGate firewalls, VMware ESXi, and VMware vCenter Server endpoints. Investigators believe the operation focused on siphoning off technical network information that could support long-term intelligence collection, rather than stealing customer records or causing outages that might draw attention."
Singapore carried out an 11-month operation to remove suspected China-linked espionage group UNC3886 from the networks of all four major telecom providers. More than 100 personnel from government, military, intelligence, and industry participated in a coordinated cleanup called Operation Cyber Guardian to evict intruders while maintaining phone and data services. UNC3886 exploited a previously unknown flaw and used custom rootkits to remain hidden inside telecom systems. Investigations indicate the objective was to collect technical network information for long-term intelligence rather than to steal customer records or cause disruptive outages. Officials stopped short of formally attributing the intrusions to Beijing.
Read at The Register