Singapore Launches Largest-Ever Cyber Defense Operation After UNC3886 Targets All Major Telcos

Singapore has launched its largest-ever coordinated cyber defense operation following a highly targeted cyberattack on telecommunications that affected all four of the country’s major telecommunications operators.

The cyberattack in Singapore was attributed to the advanced threat actor UNC3886, according to Minister for Digital Development and Information and Minister-in-charge of Cybersecurity and Smart Nation Group, Josephine Teo. She disclosed the details on Feb. 9 while speaking at an engagement event for cyber defenders involved in the national response effort, codenamed Operation Cyber Guardian.

Teo confirmed that the UNC3886 cyberattack in Singapore targeted M1, Singtel, StarHub, and Simba.

Decoding the UNC3886 Cyberattack in Singapore 

Once suspicious activity was detected, the affected operators immediately alerted the Infocomm Media Development Authority (IMDA) and the Cyber Security Agency of Singapore (CSA). CSA, IMDA, and several other government bodies then launched Operation Cyber Guardian to contain the breach.

The operation involved more than 100 cyber defenders from six government agencies, including CSA, IMDA, the Singapore Armed Forces’ Digital and Intelligence Service, the Centre for Strategic Infocomm Technologies, the Internal Security Department, and GovTech, all working closely with the telcos.

Teo said the response has, for now, managed to limit the attackers’ activities. Although the attackers accessed a small number of critical systems in one instance, they were unable to disrupt services or move deeper into the telco networks. “There is also no evidence thus far to suggest that the attackers were able to access or steal sensitive customer data,” she said.

UNC3886 Cyberattack Posed Severe Risks to Essential Services 

Despite the containment, Teo warned against complacency. She stressed that the cyberattack in Singapore highlighted the presence of persistent threat actors capable of targeting critical infrastructure. She added that sectors such as power, water, and transport could also face similar threats and urged private-sector operators to remain vigilant.

The government, Teo said, will continue to work closely with critical infrastructure operators through cybersecurity exercises and the sharing of classified threat intelligence to enable early detection and faster response. “But even as we try our best to prevent and detect cyber-attacks, we may not always be able to stop them in time,” she said. “All of us must also be prepared for the threat of disruption.”

The UNC3886 operation was first revealed publicly in July 2025 by Minister for Home Affairs and Coordinating Minister for National Security K Shanmugam. Teo described the telecommunication cyberattack as a “potentially more serious threat” than previous cyber incidents faced by Singapore, noting that it targeted systems directly responsible for delivering essential public services.

“The consequences could have been more severe,” she said. “If the attack went far enough, it could have allowed the attacker to one day cut off telecoms or internet services.”

Investigations later revealed that the UNC3886 cyberattack in Singapore was a deliberate, targeted, and well-planned campaign aimed specifically at the telco sector. The attackers exploited a zero-day vulnerability, a previously unknown flaw for which no patch was available at the time. Teo likened this to “finding a new key that no one else had found, to unlock the doors to our telcos’ information system and networks.”

After gaining access, UNC3886 reportedly stole a small amount of technical data and used advanced techniques to evade detection and erase forensic traces. Beyond espionage, the group was assessed to have the capability to disrupt telecommunications and internet services, which could have had knock-on effects on banking, finance, transport, and medical services.

Telcos and Government Strengthen Defenses Against Persistent Threats 

In a joint statement, M1, Singtel, StarHub, and Simba said they face a wide range of cyber threats, including distributed denial-of-service attacks, malware, phishing, and persistent campaigns.

To counter these risks, the telcos said they have implemented defense-in-depth measures and carried out prompt remediation when vulnerabilities are identified. They also emphasized close collaboration with government agencies and industry experts to strengthen resilience. “Protecting our critical infrastructure is a top priority. We will continue to keep pace with the evolving cyber threat landscape and update our measures accordingly,” the statement said.

UNC3886 is a China-linked cyber espionage actor classified as an Advanced Persistent Threat. The “UNC” label indicates that the group remains uncategorized. Cybersecurity researchers have observed that UNC3886 frequently targets network devices and virtualization technologies, often exploiting zero-day vulnerabilities. The group primarily focuses on defense, technology, and telecommunication organizations in the United States and Asia.

China Is Investigating Meta’s Acquisition of the AI Start-Up Manus

Regulators said they would look at whether the deal for Manus, a Singapore start-up with Chinese roots, complied with China’s export and investment rules.

Meta’s deal for Manus last month capped a year of extravagant spending by the American company on elite artificial intelligence researchers.

2025 Changed How I See Cybersecurity in ASEAN—and It Wasn’t About Technology

29 December 2025 at 03:33

By Salleh Kodri, Sr Presales consultant, Cyble

As 2025 comes to a close, one thing is clear to me: The most damaging cyber incidents across ASEAN this year did not start with malware, zero-days, or system breaches. They started with trust. Across my work in Malaysia, Singapore, Thailand, Indonesia, the Philippines, and Vietnam, I repeatedly saw organizations doing “everything right” from a technical security standpoint, yet still suffering real-world damage because their brand, identity, or executives were exploited.

2025 was the year many of us finally realized that brand is no longer a marketing concern. It is a cyber asset, and in ASEAN, it has become one of the most abused attack surfaces.

Malaysia: When Customers Were Hit Before Banks Even Knew

In Malaysia, I saw multiple cases where:
  • Fake banking websites and phishing pages were already circulating
  • Scam campaigns were active in Bahasa Malaysia
  • Customers were already losing money
Before the institution itself had any alert. What struck me was this: There was no breach. No malware. No SOC alert. The damage happened entirely outside the bank’s environment, through brand impersonation, fake domains, and social media abuse. By the time complaints reached the organization, trust had already eroded. The lesson was painful but clear: If you only monitor what happens inside your network, you will always be late.

Singapore: Reputation Damage Moves Faster Than Regulation

In Singapore, the challenge was not capability, it was speed and exposure. I observed:
  • Fake government-related services appearing online
  • Impersonation attempts abusing official-looking communications
  • Scam infrastructure spun up and taken down rapidly
Even in a highly regulated, mature environment, brand abuse moved faster than response processes. What concerned stakeholders most was not technical impact, but public confidence. Once trust is questioned, no amount of post-incident explanation can fully undo the damage. Singapore reinforced a critical truth for me in 2025: Cybersecurity maturity does not automatically protect digital reputation.

Thailand: Executive Impersonation Became the Weakest Link

In Thailand, the most alarming trend I encountered was executive identity abuse. We saw:
  • Fake LINE and WhatsApp accounts impersonating senior leaders
  • Social media profiles cloning executives from banks and enterprises
  • Attempts to influence internal decisions using perceived authority
These were not sophisticated hacks. They were psychological attacks, exploiting hierarchy, respect, and urgency. What made this dangerous was that traditional security tools had no visibility into it. The risk sat squarely at the intersection of human trust and digital identity, a space most security programs were not designed to defend.

Indonesia: Scale Made Brand Abuse a Business Model

Indonesia showed me what happens when scale meets weak visibility. With its massive digital population, attackers exploited:
  • Fake mobile apps using trusted brand names
  • Clone domains targeting regional customers
  • Long-running scam campaigns that reused infrastructure
In several cases, takedown efforts were slow, not because teams didn’t care, but because they discovered the abuse far too late. By the time action was taken, the attackers had already moved, rebranded, and relaunched elsewhere. Indonesia highlighted something important: Brand abuse in ASEAN is not opportunistic, it is industrialized.

Philippines: Trust Was Exploited Through Familiarity

In the Philippines, what stood out to me was how attackers weaponized familiar communication channels. We encountered:
  • SMS and messaging-based impersonation
  • Social engineering campaigns tailored to local behavior
  • Brand abuse that felt “normal” to recipients
Victims didn’t think they were being attacked. They thought they were interacting with legitimate services. The danger here wasn’t technology, it was perception. And perception is exactly what brand abuse manipulates best.

Vietnam: Digital Growth Outpaced Brand Defense

Vietnam’s rapid digital growth in 2025 came with an unintended consequence: Brand exposure expanded faster than brand protection. I observed:
  • New digital services being impersonated almost immediately
  • Fake pages and domains launched within days of public announcements
  • Limited monitoring beyond core infrastructure
Vietnam reminded me that digital transformation without intelligence-led visibility creates silent risk, especially when brand assets are treated as secondary concerns.

Why 2025 Changed My View on Cyber Risk in ASEAN

Across all these countries, one pattern kept repeating:
  • No malware required
  • No system compromise needed
  • No technical alert triggered
Yet real harm occurred—financial, reputational, and regulatory. That was my biggest takeaway of 2025: Cyber risk in ASEAN is no longer defined by system compromise alone. It is defined by how easily trust can be abused.

Brand Is Now a Cyber Asset, Whether We Like It or Not

In 2025, I stopped asking: “Is this a cybersecurity issue?” And started asking: “Does this harm trust, safety, or public confidence?” Because once customers, citizens, or partners lose trust, recovery becomes exponentially harder than restoring a system from backup. Brands, executives, and digital identities now require the same discipline we apply to networks and endpoints:
  • Continuous monitoring
  • Early intelligence
  • Rapid disruption
  • Clear ownership

Looking Into 2026: Trust Will Be the New Perimeter

As ASEAN continues to digitize, attackers will not slow down. They will go where defense is weakest, and in many organizations, that is still outside the firewall. In 2026, the question will no longer be: “Are we secure?” It will be: “Do we know how our brand, identity, and trust are being abused—right now?” Those who answer that question honestly and act on it will be ahead. Those who don’t will keep defending systems while attackers exploit perception.

Personal Closing

2025 changed how I see cybersecurity in ASEAN. Not as a technology problem, but as a trust problem. And trust, once lost, is the hardest asset to recover. (This article reflects the author’s analysis and personal viewpoints and is intended for informational purposes only. It should not be construed as legal or regulatory advice.)

EU and Singapore Deepen Tech Ties, Prioritize AI Safety and Cybersecurity

The European Union and Singapore are intensifying their digital collaboration, following the second meeting of the Digital Partnership Council in Brussels. The discussions stressed strategic priorities across critical technology sectors, including artificial intelligence (AI), cybersecurity, semiconductors, and digital trade.

The Digital Partnership Council was co-chaired by Henna Virkkunen, Executive Vice-President of the European Commission for Tech Sovereignty, Security and Democracy, and Josephine Teo, Singapore’s Minister for Digital Development and Information. Since the European Union and Singapore partnership was launched in February 2023, the council has monitored progress and adjusted its focus to reflect current technological and market developments.

European Union and Singapore on AI and Digital Safety 

AI remained a central topic, with both the European Union and Singapore reaffirming the importance of existing frameworks that ensure the safe development and deployment of AI technologies. Future cooperation was discussed in areas such as language AI models, linking the EU’s Alliance for Language Technologies European Digital Infrastructure Consortium (ALT-EDIC) with Singapore’s Sea-Lion model.

Online safety and scam prevention were also highlighted as growing priorities. Both parties expressed a commitment to protecting vulnerable groups, particularly minors, by exploring tools such as age-verification mechanisms and digital protection that enhance user trust online.

Digital Trust and Identity 

Strengthening digital trust remains a key goal under the EU–Singapore Digital Partnership. The council explored the development of interoperable trust services and verifiable credentials that could enable secure cross-border digital identity use cases. This approach aims to simplify regulatory compliance and facilitate smoother digital transactions across sectors, supporting both public and private initiatives.

Cybersecurity remains a cornerstone of the Digital Partnership Council’s agenda. Both the European Union and Singapore emphasized the importance of assessing new cyber threats and reinforcing resilience through coordinated bilateral and multilateral actions. The ongoing focus reflects recognition of cybersecurity’s vital role in sustaining market confidence and protecting digital infrastructure.

Data, Semiconductors, and New Technologies 

The council also reviewed strategies to enhance cross-border data flows and explored potential collaboration in shared data spaces. Both parties expressed interest in research partnerships in semiconductors and quantum technologies, recognizing the value of cross-border investments and scientific collaboration under frameworks such as Horizon Research. These initiatives aim to strengthen innovation capabilities and ensure long-term technological competitiveness.

The EU and Singapore reaffirmed their goal for digital trade, building on the Digital Trade Agreement signed in May 2025. This agreement sets binding rules that enhance legal certainty, protect consumers, and remove unnecessary barriers to digital commerce. Through this framework, the Digital Partnership Council seeks to foster economic security and innovation while reinforcing international digital standards.

A Strategic Framework for Future Cooperation 

Since its inception in 2023, the EU–Singapore Digital Partnership has aimed to empower businesses and citizens to fully leverage technological opportunities. The partnership has focused on bridging the digital divide, promoting trusted data flows, developing digital identities, and fostering skills and research excellence.

By continuing to align strategies and advance joint projects, the European Union and Singapore are setting a model for international digital cooperation, ensuring that both economies remain competitive and secure in the technology-driven world.