
China has breached all of Singapore's major telcos, Microsoft announces two new security features, a hacktivist leaks data from a stalkerware provider, and researchers map out GRU information warfare units based on their insignia. This is the Risky Bulletin, prepared by Catalyn Kim Panu and read by me, Claire Airdrop. Today is the 11th of February, and this podcast episode is brought to you by Trail of Bits.

In today's top story, a Chinese cyber espionage group has breached all four of Singapore's major telcos. The breaches occurred last year. Authorities spent 11 months evicting the hackers from the compromised networks. Singapore's Cyber Security Agency says the breaches used zero days in the telcos' firewalls and rootkits to maintain persistence. The agency attributes the hack to a group it tracks as UNC388. The group regularly exploits networking and enterprise gear such as Fortinet, Juniper and VMware.

In other news, Microsoft will roll out two new security features in Windows 11. Baseline Security Mode will enable runtime integrity safeguards to prevent tampering or unauthorised changes. Windows User Transparency and Consent will prompt users to allow apps access to sensitive resources.

Intel has updated its CPU technology for confidential computing tasks. Version 1.5 of the Trust Domain Extensions adds live migration and Trust Domain partitioning. Both features support cloud vendors who want to protect user data while it's being processed. Google's security team cooperated with Intel to audit the code before release. They identified 35 flaws, including one vulnerability that could have allowed full compromise of TDX execution environments. The flaws have been fixed.

Discord is rolling out age verification checks in March. All users will be required to verify their age by taking a video selfie or uploading a government ID. Until age is verified, users will receive a teenage-appropriate experience. In October, identity documents were stolen from a third party used by Discord for age verification.

The Federal Trade Commission has sent warnings to 13 brokers who sold data about Americans to foreign adversaries. The companies are accused of failing to follow the U.S. Protecting Americans' Data from Foreign Adversaries Act of 2024. The law forbids brokers from selling sensitive data to countries such as China, Russia, Iran and North Korea.

A hacktivist has leaked more than 530,000 records from a Ukrainian stalkerware company, Structura. The data includes email addresses and partial payment information of people that bought spyware and phone tracking services. The hacktivist, who goes by the handle Wicked, has published the data on a hacking forum.

Russia's Internet watchdog has restricted access to Telegram. Officials said the app has failed to crack down on fraud and terrorism. Russia previously blocked access to Telegram in August and October last year. In June, the Russian government launched its competing messaging app Max.

Meantime, the Central Bank of Russia will build a database to hold the financial information of every citizen. The database will store details of citizens' bank accounts and payment cards. Individuals will not be permitted to own more than 20 cards in total, with a limit of five cards per bank.

The Indian government has launched a new offline age verification app. The app will use information from the country's Aadhaar biometrics database. It'll allow users to prove they're above a certain age without sharing their date of birth. The process is intended primarily for policing and hospitality.

The Nigerian government is working on a national cyber security framework. It's expected to go live this year and will require companies to meet minimum cybersecurity requirements. Those include breach reporting timelines, threat intelligence sharing and response plans.

A 29-year-old has been arrested in Poland for hacking an electronics marketplace. His arrest comes eight years after he breached the market Moreleigh. The man has also admitted to leaking the personal details of more than 2 million users.

Dutch police have detained a 21-year-old on cybercrime charges. The suspect allegedly sold a phishing kit on Telegram that could intercept one-time passwords. Named Joker OTP, the kit called victims to ask for the code when attackers were trying to access accounts with valid credentials.

A Chinese national has been sentenced in absentia to 20 years in a US prison for laundering funds from Cambodian cyberscam compounds. Darren Lee was part of a group that laundered more than $73 million through shell companies and international bank accounts. Lee is currently not in US custody. He was arrested in 2024, but last year he cut off his ankle monitor and fled the country.

Russian authorities have granted political asylum to a Spaniard with connections to the No Name 057 hacktivist group. Enrique Arias Gil was placed on the EU's most wanted list in September. He is accused of running the Russian disinformer TE channel and promoting No Name's DDoS attacks to Spanish-speaking audiences. Gil has filed paperwork to become a Russian citizen.

Security researchers say they've used military unit patches to map the internal structure of Russia's information operations. Finnish security firm CheckFirst analysed 118 photographs of insignia patches and military pennants. The Information Operations Troops were established in 2014 inside Russia's military intelligence service, the GRU. CheckFirst identified units, their chains of command and facility locations. CheckFirst also tracked down the FSB's SIGINT units based on their medals.

And finally, ad blocker vendors appear to have adapted to Chrome's new Manifest V3 extensions API. Goethe University in Frankfurt found no significant reduction in ad blocking effectiveness compared to Manifest V2. Researchers also didn't find a noticeable difference in ad blocking efficiency on Chrome compared to Firefox.

And that is all for this podcast edition. Today's show is brought to you by our sponsor, Trail of Bits. Find them at trailofbits.com. Thanks for your company.

Podcast: Risky Bulletin (Risky Biz)
Date: February 11, 2026
Host/Reader: Claire Airdrop
Prepared by: Catalyn Kim Panu
This episode covers major cybersecurity news updates, headlined by an unprecedented breach of all major Singaporean telecommunications providers by a Chinese espionage group. The bulletin also reports on new security features from Microsoft, significant data leaks by hacktivists, regulatory moves in data privacy, international cybercrime busts, and advances in ad blocking technology.
"Singapore's Cyber Security Agency says the breaches used zero days in the telcos' firewalls and rootkits to maintain persistence." [00:21]
"Baseline Security Mode will enable runtime integrity safeguards... Windows User Transparency and Consent will prompt users to allow apps access to sensitive resources." [00:46]
"Google's security team cooperated with Intel to audit the code before release. They identified 35 flaws, including one vulnerability that could have allowed full compromise of TDX execution environments. The flaws have been fixed." [01:07]
"The Federal Trade Commission has sent warnings to 13 brokers who sold data about Americans to foreign adversaries." [01:38]
"A hacktivist has leaked more than 530,000 records from a Ukrainian stalkerware company, Structura." [01:52]
"His arrest comes eight years after he breached the market Moreleigh. The man has also admitted to leaking the personal details of more than 2 million users." [02:36]
"Security researchers say they've used military unit patches to map the internal structure of Russia's information operations." [03:38]
"Researchers also didn't find a noticeable difference in ad blocking efficiency on Chrome compared to Firefox." [04:19]
"Authorities spent 11 months evicting the hackers from the compromised networks." [00:16]
"The law forbids brokers from selling sensitive data to countries such as China, Russia, Iran and North Korea." [01:44]
"Russian authorities have granted political asylum to a Spaniard with connections to the No Name 057 hacktivist group. Enrique Arias..." [03:20]
The episode employs a succinct, matter-of-fact tone while cramming a wide range of high-impact cyber news into a single digest. The focus is strongly international, highlighting global interconnectedness and the evolving sophistication of threats, defensive technologies, and policy responses. Standout stories are delivered with urgency and include expert attributions, leaving listeners well-informed on the latest cybersecurity landscape without hype or sensationalism.