Chinese hackers known as UNC3886 breached Singapore’s four largest telecom providers—Singtel, StarHub, M1, and Simba—multiple times last year. They managed to get limited access to critical systems but did not disrupt services or steal sensitive customer data. This intrusion came to light in July 2025, prompting Singapore's Cyber Security Agency (CSA) to initiate ‘Operation Cyber Guardian’ to curb the attackers' activity, although specific details about the operation were scarce. The attackers exploited a zero-day vulnerability to bypass network firewalls and steal technical data. They also used rootkits to maintain a low profile and persistent access over an unspecified duration. Investigations involved over a hundred personnel from six government agencies, leading to measures that contained the breach and prevented potential attacks on other critical sectors such as banking and healthcare. Josephine Teo, Singapore’s Minister for Digital Development and Information, remarked that while the damage wasn't as severe as other cyberattacks globally, it highlights the ongoing importance of cybersecurity efforts. UNC3886 has been tracked since 2023 and is known for targeting government and technology firms by exploiting various zero-day vulnerabilities. In the past, this group has also been linked to breaches affecting U.S. broadband providers and Canadian telecoms, showcasing a broader trend of state-sponsored cyber threats. Singaporean authorities did not disclose which specific zero-day vulnerability was used in this instance, leaving some questions unanswered about the attack's mechanics.