Singapore spent 11 months booting China-linked snoops out of telco networks

Singapore conducted an 11-month, multi-agency cleanup (Operation Cyber Guardian) to evict UNC3886—an APT linked to Chinese state-aligned espionage—that had compromised all four major telecom operators. The intruders used an unknown vulnerability to bypass defenses, deployed custom rootkits for deep persistence in infrastructure, and focused on collecting network- and traffic-level intelligence rather than causing outages or stealing consumer records.