What happened
Security agencies in Singapore confirmed that state-linked Chinese cyberspies breached the networks of the country’s four largest telecommunications providers: Singtel, StarHub, M1, and Simba Telecom. According to the report, the Singapore government disclosed that malicious activity attributed to a China-linked advanced persistent threat involved unauthorized access to internal systems at all four telcos. The intrusions were uncovered during government-led forensic investigations and were linked through shared infrastructure and tactics associated with Chinese cyber-espionage operations. Authorities stated that the attackers established persistent access within the affected environments, enabling long-term surveillance and data collection activities. The breaches were assessed as part of coordinated espionage operations rather than isolated incidents, with compromises occurring months before detection.
Who is affected
Singtel, StarHub, M1, and Simba Telecom are directly affected: unauthorized access to their internal networks allowed threat actors to maintain a persistent presence and conduct espionage activity.
Why CISOs should care
The compromise of multiple national telecommunications providers in a single espionage campaign highlights the strategic value of telecom infrastructure and the elevated risk posed by state-linked threat actors targeting core communications networks.
3 practical actions
- Strengthen internal segmentation. Limit lateral movement across telecom network environments.
- Detect persistence mechanisms. Monitor for long-lived unauthorized accounts and covert access paths.
- Coordinate with government agencies. Share telemetry and findings with national cybersecurity authorities to support collective defense.
