Singapore's Telecom Takedown and the Notepad Nightmare: China's Hackers Go Shopping in Everyone's Backyard episode artwork

EPISODE · Feb 9, 2026 · 3 MIN

Singapore's Telecom Takedown and the Notepad Nightmare: China's Hackers Go Shopping in Everyone's Backyard

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your weekly China cyber alert, and we've got some serious developments to walk through. Singapore just got hit hard by UNC3886, a China-linked advanced persistent threat group that's been operating since at least 2022. The Cyber Security Agency of Singapore revealed Monday that all four major telecom operators—M1, SIMBA Telecom, Singtel, and StarHub—fell victim to a deliberate, well-planned campaign. What makes this fascinating is the sophistication. These attackers weaponized zero-day exploits to punch through perimeter firewits, deployed rootkits for persistent access, and grabbed some technical data to advance their operational objectives. The good news? No customer data breach confirmed, and Singapore's cyber defenders mounted something called Operation Cyber Guardian to boot them out and expand monitoring. Now here's where it gets really interesting. According to research from Rapid7 Labs, the Chinese APT group Lotus Blossom just got caught orchestrating a massive supply chain attack. They compromised the infrastructure hosting Notepad++, that popular code editor millions of developers use daily, and delivered a custom backdoor they're calling Chrysalis. This group has been active since 2009 and typically targets government, telecommunications, and aviation sectors across Southeast Asia and Central America. Supply chain attacks are the new frontier for Chinese cyber operations because they're like planting seeds in everybody's garden at once. Meanwhile, the House Energy and Commerce Committee is getting serious about defense. Five bipartisan cybersecurity bills advanced unanimously, with special focus on critical infrastructure. The Energy Threat Analysis Center Act specifically calls out Volt Typhoon and Salt Typhoon as embedded threats already operating in critical infrastructure networks, sometimes undetected. Representative Gabe Evans pointed out that Chinese Communist Party-backed hacker groups have already infiltrated energy sector networks, making reauthorization of ETAC absolutely essential. The broader picture shows these operations aren't just about stealing data anymore. According to analysis from the International Institute for Strategic Studies, Volt Typhoon's targeting of U.S. critical infrastructure suggests preparation for disruption operations in a potential military crisis rather than traditional espionage. They're collecting network diagrams and operating manuals, stuff that would be useful for sabotage, not intelligence gathering. Networks in Guam got particular attention, likely because those U.S. naval ports and air bases would be critical to any military response involving Taiwan. China itself just comprehensively revised its Cybersecurity Law, effective January first, 2026, strengthening penalties and expanding extraterritorial regulation to cover activities endangering China's cybersecurity beyond just critical in This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your weekly China cyber alert, and we've got some serious developments to walk through. Singapore just got hit hard by UNC3886, a China-linked advanced persistent threat group that's been operating since at least 2022. The Cyber Security Agency of Singapore revealed Monday that all four major telecom operators—M1, SIMBA Telecom, Singtel, and StarHub—fell victim to a deliberate, well-planned campaign. What makes this fascinating is the sophistication. These attackers weaponized zero-day exploits to punch through perimeter firewits, deployed rootkits for persistent access, and grabbed some technical data to advance their operational objectives. The good news? No customer data breach confirmed, and Singapore's cyber defenders mounted something called Operation Cyber Guardian to boot them out and expand monitoring. Now here's where it gets really interesting. According to research from Rapid7 Labs, the Chinese APT group Lotus Blossom just got caught orchestrating a massive supply chain attack. They compromised the infrastructure hosting Notepad++, that popular code editor millions of developers use daily, and delivered a custom backdoor they're calling Chrysalis. This group has been active since 2009 and typically targets government, telecommunications, and aviation sectors across Southeast Asia and Central America. Supply chain attacks are the new frontier for Chinese cyber operations because they're like planting seeds in everybody's garden at once. Meanwhile, the House Energy and Commerce Committee is getting serious about defense. Five bipartisan cybersecurity bills advanced unanimously, with special focus on critical infrastructure. The Energy Threat Analysis Center Act specifically calls out Volt Typhoon and Salt Typhoon as embedded threats already operating in critical infrastructure networks, sometimes undetected. Representative Gabe Evans pointed out that Chinese Communist Party-backed hacker groups have already infiltrated energy sector networks, making reauthorization of ETAC absolutely essential. The broader picture shows these operations aren't just about stealing data anymore. According to analysis from the International Institute for Strategic Studies, Volt Typhoon's targeting of U.S. critical infrastructure suggests preparation for disruption operations in a potential military crisis rather than traditional espionage. They're collecting network diagrams and operating manuals, stuff that would be useful for sabotage, not intelligence gathering. Networks in Guam got particular attention, likely because those U.S. naval ports and air bases would be critical to any military response involving Taiwan. China itself just comprehensively revised its Cybersecurity Law, effective January first, 2026, strengthening penalties and expanding extraterritorial regulation to cover activities endangering China's cybersecurity beyond just critical in This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

Singapore's Telecom Takedown and the Notepad Nightmare: China's Hackers Go Shopping in Everyone's Backyard

0:00 3:23

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 3 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on February 9, 2026.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your weekly China cyber alert, and we've got some serious developments to walk through. Singapore just got hit hard by UNC3886, a China-linked...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!