The Pattern, Not the Incident
UNC3886's Singapore operation does not stand alone. It is a data point in a campaign that, assessed across the available open-source record, represents the most consequential intelligence-collection operation against allied telecommunications infrastructure in recent history. Salt Typhoon — a separate PRC-nexus actor attributed to China's Ministry of State Security — compromised at least nine US telecommunications companies between 2024 and 2025, including Verizon, AT&T, T-Mobile, Lumen, and Windstream. In August 2025, the FBI assessed that Salt Typhoon had breached at least 200 organisations across 80 countries. By early 2026, the campaign had extended to congressional email systems, with activity detected against staff supporting House committees with oversight of China policy, foreign affairs, intelligence, and the military. The targeting of committee staff — not members — is a practitioner-level detail: it indicates interest in operational and analytical work product, not just headline political communication. *Assessed with high confidence, based on open sources including US government statements and Congressional Research Service reporting.* These are not coincident operations against soft targets. They are a sustained, multi-vector campaign to achieve persistent access across the communication infrastructure of the United States and its partners. The intelligence objective — and this is the structural point that most coverage has underweighted — is not bulk data theft. It is position. Persistent access to telecom carrier infrastructure confers capabilities that are categorically different from access to any other target class. ---