Hackers Used Zero-Day and Rootkits to Infiltrate National Telecom Networks
A stealth campaign hit core communications infrastructure, yet defenders stopped disruption before it spread.

Authorities revealed that the China-linked threat actor UNC3886 breached Singapore’s four largest telecom operators: Singtel, StarHub, M1, and Simba Telecom.
Investigators confirmed that attackers reached critical systems at least once last year. However, response teams prevented deeper movement and kept services running.
Officials initially disclosed the intrusions in July 2025 but shared limited detail at that time.
How the Attackers Got In
The Cyber Security Agency of Singapore (CSA) now says the group deployed a zero-day exploit to bypass perimeter firewalls. After entry, the attackers stole technical data to advance their objectives.
In another intrusion, investigators discovered the use of rootkits. These tools helped attackers hide activity and maintain persistence for an unknown period.
Authorities have not identified the affected vendor or product.
Containment at Speed
Despite confirmed compromises across all operators, investigators found no evidence of customer data theft. Networks continued to function throughout the response.
The CSA and the Infocomm Media Development Authority activated a large-scale effort involving more than a hundred specialists from multiple agencies. Teams sealed access paths quickly and widened monitoring across other national infrastructure.
That move reduced the chance of attackers pivoting into banking, transportation, or healthcare environments.
Government Message to Defenders
Minister for Digital Development and Information Josephine Teo warned that limited damage should not create comfort. She emphasized that constant pressure from advanced actors makes sustained vigilance essential.
A Familiar Adversary
Security researchers have tracked UNC3886 for several years. The group routinely targets telecom, government, and technology organizations. It favors zero-day exploitation and stealth persistence.
Other countries have reported similar activity from China-aligned actors. Campaigns attributed to Salt Typhoon previously struck broadband providers in North America, demonstrating how telecom infrastructure remains a strategic intelligence objective.
Strategic Implication
Telecom networks connect everything. Even small footholds can provide long-term surveillance value.
This incident shows that rapid coordination and decisive containment can prevent outages. At the same time, it confirms that sophisticated adversaries will keep returning with new methods.