SINGAPORE – Telco technical data such as network diagrams and configurations have been likened by cyber security experts to a building’s “blueprint” that could offer hackers access to critical networks with the potential to bring about outages and data leaks.
Mr Aaron Ang, chief technology officer of Singapore-based cyber security specialist Cyber Leaders Nexus, said such technical data is like “the blueprints and guard schedules of a building.”
He added: “A thief with them knows exactly where to enter, which paths to avoid cameras and how to reach restricted rooms. Even if they leave without stealing anything, the real damage is done because they know how everything connects, including backdoors into neighbouring buildings.”
British-based cyber security firm Sophos and United States-headquartered cybersecurity company Infoblox said other useful technical data include service and user account names and domain name system architecture as they allow hackers to plan future intrusions.
Their comments come after the Cyber Security Agency of Singapore revealed on Feb 9 that
state-sponsored cyber espionage group UNC3886
had exfiltrated a “small amount of technical data” from
the country’s major telcos
– Singtel, StarHub, M1 and Simba Telecom.
The authorities did not provide details of the data stolen, but said that no sensitive customer data was seen or exfiltrated, and that critical systems such as the 5G core were not compromised.
Mr Rafe Pilling, director of threat research at Sophos, said that defending telco systems against future attacks will involve keeping software up to date and the full technical logs of critical systems.
Singapore has taken similar measures, including enhancing detection measures.
If hackers had accessed a telco’s 5G core, service disruptions and massive snooping could happen.
Mr Mohan Veloo, chief technology officer for Asia-Pacific, China and Japan for United States-based cybersecurity firm F5 compared the core of a 5G network to “the brain of the system.”
“It decides how devices connect, how data is routed, and how services are prioritised,” said Mr Veloo, adding that such a breach could lead to service disruption and intelligence gathering at a national scale.
Mr Saran Raj, manager for Southeast Asia at Google Threat Intelligence Group, pointed out that a telco’s 5G network is the backbone of physical devices that are connected to the Internet.
These connected devices include autonomous buses and remote surgical equipment in hospitals, whose operations may be disrupted.
“For an autonomous vehicle or remote-controlled industrial robot, a two-second delay results in a fatal crash,” said Mr Saran.
Mr Matthias Yeo, chief executive officer of Singapore-based cybersecurity research company CyberXCenter said that attackers could also bring down emergency response services, and affect real-time financial services, market updates and fraud detection.
Government communications and public safety messages could also monitored or be disrupted.
“In this context, access to the 5G core is not merely a technical breach, it represents a direct risk to public safety, economic stability and national security,” said Mr Yeo.
Compromised telco systems had caused widespread disruption around the world.
In December 2023, an attack on Ukraine’s largest mobile network operator Kyivstar left some 24 million users without mobile and internet services for days. The disruption affected the operations of public transport, hospitals and ATMs.
The attack, which happened in the midst of the Russian-Ukraine conflict, caused air raid sirens north-eastern city of Sumy to stop working.
Mr Heng Mok, chief information security officer-in-residence for Asia Pacific and Japan at cloud-based cybersecurity company headquartered in the United States Zscaler said: “In a wartime context, a telecom outage is not merely inconvenience, it can disrupt communications for families, businesses and public services at scale.”
In April 2025, the SIM data of nearly 27 million users of South Korea’s SK Telecom was leaked. This exposed millions of users to potential identity theft and account takeover, and the company had to issue free SIM card replacements to millions of subscribers.
In October 2024, US officials revealed that sophisticated threat actor Salt Typhoon had infiltrated major telecommunications networks in the country. The hackers had allegedly intercepted conversations, including those between prominent US politicians and government officials.
On Feb 9, Minister of Digital Development and Information Mrs Josephine Teo said that Singapore may not stop all cyber attacks but it needs to be prepared for the threat of disruption.
Echoing her views, F5’s Mr Veloo said: “Essential services should have degraded modes that still work during disruptions. Emergency traffic should be prioritised. Organisations should rehearse incidents together, not in isolation, because a telco incident becomes a multi-sector issue.”