Photo: Tang Yan Song / Shutterstock.com
Chinese state-sponsored hacking group Volt Typhoon has been accused of hacking Singapore Telecommunications Ltd., Singapore’s largest mobile carrier.
The breach, discovered in June, is now believed to be a part of a broader campaign against telecommunications companies and critical infrastructure operators worldwide, reports Bloomberg.
Experts believe this is just a trial run for future campaigns aimed at high-value targets, including U.S.-based telecommunication companies.
Singtel, which operates across Southeast Asia and Australia, became aware of the breach when it detected unusual data traffic within a core router. The company’s internal security team identified malware in what they described as “listening” mode, which had yet to be activated for espionage or sabotage.
While the malware remained dormant, its presence hints at a disturbing potential: either a “dry run” for a more severe attack or establishing a strategic foothold for future intrusions.
The recent breaches signal a shift from traditional espionage tactics to more invasive measures, focusing on telecommunications systems that serve as the backbone of modern society.
As per the Five Eyes intelligence alliance, Volt Typhoon’s methodology includes embedding itself in IT networks to position China for potential large-scale cyber disruption, particularly in the event of a military confrontation with Western nations.
One of Volt Typoon’s core tactics involves a tool known as a web shell. This malware can intercept and collect user credentials by masquerading as legitimate software, enabling hackers to move through systems undetected.
Cybersecurity researchers reported that a sample of this malware was uploaded from Singapore to VirusTotal, a popular malware database, on June 7. They believe the Volt Typhoon used this web shell to infiltrate the United States and India.
“The malware detected in June was subsequently dealt with and reported to relevant authorities. There was no data exfiltrated and no impact to services. However, we cannot confirm or ascertain if this is the exact same event listed in the Bloomberg article with the cited threat actors and intended targets,” a Singtel spokesperson told Candid.Technology.
Recently, China-backed hackers targeted unnamed ISPs to spread malware. In July, China-backed APT updated its toolkit targeting new macOS backdoors.
In June, RedJuliett, another China-based hacking group targeted ten countries including Taiwan, Hong Kong, Malaysia, Laos, the Philippines, South Korea, Kenya, and the United States.
“We do not comment on speculation. Singtel conducts regular malware sweeps as part of its cyber posture. We also regularly review and enhance our cybersecurity capabilities and defences to protect our critical assets from evolving threats.”
In the News: Instagram’s upcoming AI tool will identify underage teens from 2025