All four major telecommunications providers in Singapore were targeted last year by a Chinese APT, according to Singapore’s cybersecurity agency CSA and its development agency IMDA.
The attack, initially disclosed in July, was attributed to UNC3886, a cyberespionage group active since at least 2021, which is known for targeting vulnerabilities in Ivanti, Juniper, and VMware products.
“UNC3886 launched a deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector. All four of Singapore’s major telecommunications operators – M1, SIMBA Telecom, Singtel and StarHub – have been the target of attacks,” CSA says.
As part of the campaign, the agency notes, the APT deployed advanced tools, including a zero-day exploit against a firewall, to access a telco’s network and obtain a small amount of technical data.
UNC3886 was also seen deploying rootkits to evade detection and maintain persistent access to the compromised environments.
CSA says UNC3886 gained limited access to some parts of the victim companies’ networks and systems, but could not disrupt services.
“There is no evidence to-date that sensitive or personal data such as customer records were accessed or exfiltrated. There is also no evidence that the threat actor managed to disrupt telecommunications services such as internet availability,” CSA says.
The cybersecurity agency says it has been working with the targeted organizations to investigate the intrusions, close the threat actor’s access, implement remediation measures, and expand monitoring capabilities across the impacted networks.
“While our collective efforts have contributed to containing the attacks so far, we must be prepared that there may be future attempts to gain access into our telco infrastructure. Telcos are strategic targets for threat actors, including state-sponsored ones,” CSA notes.
The agency says it will introduce initiatives to improve Singapore’s cyber capabilities and ensure better and faster response to similar attacks.

