Risky Bulletin: Chinese Cyber-Spies Breached All of Singapore's Telcos
Podcast: Risky Bulletin (Risky Biz)
Date: February 11, 2026
Host/Reader: Claire Airdrop
Prepared by: Catalyn Kim Panu
Episode Overview
This episode covers major cybersecurity news updates, headlined by an unprecedented breach of all major Singaporean telecommunications providers by a Chinese espionage group. The bulletin also reports on new security features from Microsoft, significant data leaks by hacktivists, regulatory moves in data privacy, international cybercrime busts, and advances in ad blocking technology.
Key Discussion Points & Insights
1. Massive Singapore Telco Breach by Chinese APT (00:04)
- Main Story: Chinese state-linked cyber-spies, tracked as UNC388, breached all four of Singapore’s major telcos in 2025.
- Hackers exploited zero-day vulnerabilities in firewall appliances and used rootkits for persistence.
- Authorities spent 11 months eradicating the threat from networks.
- UNC388 is known for targeting networking/enterprise gear (e.g., Fortinet, Juniper, VMware).
- Quote:
"Singapore's Cyber Security Agency says the breaches used zero days in the telco's firewalls and rootkits to maintain persistence." [00:21]
- Attribution: Singapore's Cyber Security Agency publicly credited UNC388 with these attacks.
2. Microsoft, Intel, and Security Advances (00:44)
- Microsoft: Introducing two new Windows 11 security features:
- Baseline Security Mode: Adds runtime integrity safeguards.
- User Transparency & Consent: New prompts for sensitive resource access by applications.
- Quote:
"Baseline security mode will enable runtime integrity safeguards... Windows user transparency and Consent will prompt users to allow apps access to sensitive resources." [00:46]
- Intel: Trust Domain Extensions (TDX) 1.5 updates rolled out, adding support for live migration and partitioning, which are vital for cloud confidentiality.
- Google helped audit the code before release; 35 vulnerabilities were found and fixed, including one that could have allowed full compromise of TDX execution environments.
- Quote:
"Google's security team cooperated with Intel to audit the code before release. They identified 35 flaws, including one vulnerability that could have allowed full compromise of TDX execution environments. The flaws have been fixed." [01:07]
- Discord: Age verification (video selfie or government ID) becomes mandatory for app use starting in March.
3. Regulatory & Policy Highlights (01:26)
- FTC Action:
- Warns 13 data brokers for selling sensitive data about Americans to foreign adversaries, in violation of the "Protecting Americans' Data from Foreign Adversaries Act of 2024".
- Countries covered by the ban: China, Russia, Iran, North Korea.
- Quote:
"The Federal Trade Commission has sent warnings to 13 brokers who sold data about Americans to foreign adversaries." [01:38]
- India:
- Rolls out offline age verification tool leveraging Aadhaar biometrics; main use: policing and hospitality.
- Nigeria:
- Plans national cybersecurity framework: includes mandated breach reports, intelligence sharing, and response plans.
4. Major Data Leaks and Cybercrime (01:51)
- Hacktivist Leak:
- Handle: Wicked
- Leaked 530,000+ records from Ukrainian stalkerware vendor Structura (customer emails, partial payments).
- Quote:
"A hacktivist has leaked more than 530,000 records from a Ukrainian stalkerware company, Structura." [01:52]
- Russia:
- Crackdown on Telegram for failure to police fraud/terrorism; concurrent launch of government messaging app "Max" and central bank database initiative (limits on bank/payment cards).
- Poland:
- Arrested a 29-year-old, eight years post-breach, who leaked 2M user credentials from an electronics marketplace.
- Quote:
"His arrest comes eight years after he breached the market. Morleigh the man has also admitted to leaking the personal details of more than 2 million users." [02:36]
- Netherlands:
- Detained a 21-year-old for selling the "Joker OTP" phishing kit to intercept one-time passwords via Telegram.
5. International Cyber & InfoOps Events (02:58)
- US Sentencing:
- Chinese national sentenced (in absentia) to 20 years for laundering $73M from Southeast Asian scam compounds.
- Fled the US after cutting off his ankle monitor in 2025.
- Russia Grants Asylum:
- To Enrique Arias Gil (No Name 057 hacktivist), wanted in the EU for running disinformation channels and promoting DDoS attacks.
- Gil seeks Russian citizenship.
- GRU InfoOps Mapping:
- Researchers at Check First identified GRU information operations units via analysis of insignia and photographs.
- Mapped out units’ structure, command chains, and FSB SIGINT teams.
- Quote:
"Security researchers say they've used military unit patches to map the internal structure of Russia's information operations." [03:38]
6. Adblocking & Browser Privacy (04:04)
- Manifest V3 Impact:
- Goethe University researchers: Chrome’s new extension rules (Manifest V3) don’t meaningfully reduce ad-blocking effectiveness compared with previous versions or with Firefox.
- Quote:
"Researchers also didn't find a noticeable difference in ad blocking efficiency on Chrome compared to Firefox." [04:19]
Notable Quotes & Memorable Moments
- Singapore Telco Breach:
"Authorities spent 11 months evicting the hackers from the compromised networks." [00:16]
- FTC on Data Brokers:
"The law forbids brokers from selling sensitive data to countries such as China, Russia, Iran and North Korea." [01:44]
- Russian Asylum for No Name 057 Hacktivist:
"Russian authorities have granted political asylum to a Spaniard with connections to the No Name 057 hacktivist group, Enrique Arias..." [03:20]
Important Segment Timestamps
- Singapore Telco Breach: 00:04 – 00:31
- Microsoft/Intel Announcements: 00:44 – 01:14
- Discord Age Verification: 01:15 – 01:25
- FTC Data Broker Warnings: 01:26 – 01:45
- Hacktivist Stalkerware Leak: 01:51 – 02:01
- Russian Moves on Telegram & Banking: 02:02 – 02:17
- India/Nigeria Cyber Initiatives: 02:18 – 02:30
- Poland/Netherlands Cybercrime: 02:31 – 02:49
- US/Cambodia Scam Sentencing: 02:50 – 03:13
- Russian Information Warfare Mapping: 03:38 – 04:03
- Adblocker Manifest V3 Analysis: 04:04 – 04:23
Summary Flow & Tone
The episode keeps a succinct, matter-of-fact tone while packing a wide range of high-impact cyber news into a single digest. The focus is strongly international, highlighting global interconnectedness and the evolving sophistication of threats, defensive technologies, and policy responses. Standout stories are delivered with urgency and include expert attributions, leaving listeners well informed about the current cybersecurity landscape without hype or sensationalism.
