The Singapore government has blamed a known Chinese cyber-espionage group for targeting the country's four major telecommunications companies as part of a months-long attack.
Singapore acknowledged for the first time in a statement on Monday that the hacking group known as UNC3886 had targeted its telecoms infrastructure, including the country’s biggest companies: Singtel, StarHub, M1 and Simba Telecom. The government had previously said it was responding to unspecified attacks on critical infrastructure.
K. Shanmugam, the country’s coordinating minister for national security, said the intruders were able to break into and gain access to some systems, but did not disrupt services or access personal information.
Mandiant, Google’s cybersecurity arm, previously linked UNC3886 to a spy group likely working on behalf of China. According to Reuters, the Chinese government is known to regularly conduct cyber espionage and prepare devastating attacks ahead of an anticipated invasion of Taiwan, which Beijing routinely denies.
UNC3886 is known for exploiting zero-day vulnerabilities in routers, firewalls, and virtualized environments, in locations that are typically inaccessible to cybersecurity tools designed to detect malware. This hacker group targets the defense, technology, and communications industries in the United States and the Asia-Pacific region.
Mr Shanmugam said that in the case of the attack on Singapore’s leading telco, the hackers used sophisticated tools such as rootkits to gain long-term persistence on the system.
“In some instances, we were able to gain limited access to critical systems, but this was not sufficient to disrupt services,” the government said in a statement.
The carriers said in a joint statement that they regularly face distributed denial of service and other malware attacks, according to Reuters. “We employ layered defense mechanisms to protect our network and implement prompt remediation when issues are detected,” the statement said.
The attack on the Singapore telecom companies follows similar but distinct attacks on hundreds of telecom companies around the world in recent years, including in the United States. Several governments have linked these attacks to a Chinese-backed group called Salt Typhoon.
Referring to the Salt Typhoon hack, Singapore said the UNC3886 attack “has not caused the same level of damage as cyberattacks in other regions.”
