Some telco technical data may open more doors for cyberattackers: Experts
Source: Straits Times
Article Date: 11 Feb 2026
Author: Samuel Devaraj
Having technical data could allow hackers to plan future intrusions, said experts.
Telco technical data, such as network diagrams and configurations, has been likened by cybersecurity experts to a building’s “blueprint” that could offer hackers access to critical networks with the potential to bring about outages and data leaks.
Mr Aaron Ang, chief technology officer of Singapore-based cybersecurity specialist Cyber Leaders Nexus, said such technical data is like “the blueprints and guard schedules of a building”.
He added: “A thief with it knows exactly where to enter, which paths to avoid cameras and how to reach restricted rooms. Even if they leave without stealing anything, the real damage is done because they know how everything connects, including backdoors into neighbouring buildings.”
British-based cybersecurity company Sophos and US-headquartered cybersecurity company Infoblox said other useful technical data includes service and user account names, and domain name system architecture, as they allow hackers to plan future intrusions.
Their comments come after the Cyber Security Agency of Singapore revealed on Feb 9 that state-sponsored cyberespionage group UNC3886 had exfiltrated a “small amount of technical data” from the country’s major telcos – Singtel, StarHub, M1 and Simba Telecom.
The authorities did not provide details of the data stolen beyond saying it was primarily network-related. They also said that no sensitive customer data was seen or exfiltrated, and that critical systems such as the 5G core were not compromised.
Mr Rafe Pilling, director of threat research at Sophos, said that defending telco systems against future attacks will involve keeping software up to date and keeping the full technical logs of critical systems.
Singapore has taken similar measures, including enhancing detection measures.
If hackers had accessed a telco’s 5G core, service disruptions and massive snooping could happen.
Mr Mohan Veloo – chief technology officer for Asia-Pacific, China and Japan for US-based cybersecurity company F5 – compared the core of a 5G network to “the brain of the system”.
“It decides how devices connect, how data is routed and how services are prioritised,” said Mr Veloo, adding that such a breach could lead to service disruption and intelligence gathering at a national scale.
Mr Saran Raj, manager for South-east Asia at Google Threat Intelligence Group, pointed out that a telco’s 5G network is the backbone of physical devices that are connected to the internet. These connected devices include autonomous buses and remote surgical equipment in hospitals, whose operations may be disrupted.
“For an autonomous vehicle or remote-controlled industrial robot, a two-second delay results in a fatal crash,” said Mr Saran.
Mr Matthias Yeo, chief executive of Singapore-based cybersecurity research company CyberXCenter, said that attackers could also bring down emergency response services, and affect real-time financial services, market updates and fraud detection.
Government communications and public safety messages could also be monitored or disrupted.
“In this context, access to the 5G core is not merely a technical breach; it represents a direct risk to public safety, economic stability and national security,” said Mr Yeo.
Compromised telco systems have caused widespread disruption around the world.
In December 2023, an attack on Ukraine’s largest mobile network operator Kyivstar left some 24 million users without mobile and internet services for days.
The disruption affected the operations of public transport, hospitals and ATMs.
The attack, which happened in the midst of the Russia-Ukraine conflict, caused air raid sirens in the north-eastern city of Sumy to stop working.
Mr Heng Mok – chief information security officer-in-residence for Asia-Pacific and Japan at cloud-based cybersecurity company Zscaler, headquartered in the US – said: “In a wartime context, a telecom outage is not merely an inconvenience, it can disrupt communications for families, businesses and public services at scale.”
In April 2025, the SIM data of nearly 27 million users of South Korea’s SK Telecom was leaked. This exposed millions of users to potential identity theft and account takeover, and the company had to issue free SIM card replacements to millions of subscribers.
In October 2024, US officials revealed that sophisticated threat actor Salt Typhoon had infiltrated major telecommunication networks in the country.
The hackers had allegedly intercepted conversations, including those between prominent US politicians and government officials.
On Feb 9, Minister for Digital Development and Information Josephine Teo said that Singapore may not stop all cyberattacks, but it needs to be prepared for the threat of disruption.
Echoing her views, F5’s Mr Veloo said: “Essential services should have degraded modes that still work during disruptions. Emergency traffic should be prioritised.
“Organisations should rehearse incidents together, not in isolation, because a telco incident becomes a multi-sector issue.”
Source: The Straits Times © SPH Media Limited. Permission required for reproduction.