Global cyber threats: Telecom networks are the new strategic targets

Telecommunications networks have become one of the most targeted sectors in global cyber operations. According to David Sehyon Baek, Founder and CEO of Pygmalion Global, these attacks are no longer theoretical risks but active, ongoing threats faced by telecom operators across politically and economically advanced nations. Baek, who works closely with SRT Sourcing in South Korea and is associated with the CTS International Security School in Singapore, explains that modern cyberattacks on telecom companies are driven by strategic intelligence objectives rather than financial gain.

Singapore and South Korea: Early warning signs

In Singapore, Singtel was targeted by a China-linked threat group in a coordinated cyber operation. Investigators found no evidence of financial fraud or mass data leaks. Instead, the attackers appeared to be probing core telecom infrastructure, including routing and interconnection systems.

This raised serious regional concerns. Singtel is not just Singapore’s primary carrier but a major hub connecting Southeast Asia, Australia and global networks. Access at this level can expose cross-border communications metadata, affecting multiple countries beyond Singapore itself.

A similar pattern emerged in South Korea, where SK Telecom experienced a confirmed intrusion that triggered a national-level investigation. As Baek notes, SK Telecom is deeply embedded in government communications, defence-linked services and critical infrastructure. The incident was treated not as a technical failure, but as a strategic security breach.

What links these cases is intent. These attackers were not seeking ransom or stolen data for resale. They were interested in persistent access. “State-sponsored actors want to observe traffic patterns, map relationships and understand how networks are managed,” Baek explains. Such access allows them to quietly monitor communications and retain leverage for future use. If this can happen in countries like Singapore and South Korea, both known for strong governance and cyber maturity, the real question is not if telecom operators are at risk, but how prepared they are to detect and defend against silent intrusions.

Lessons from the United States: Years before discovery

In the United States, investigations involving major carriers such as Verizon and AT&T revealed an even more troubling reality. In several cases, intrusions went undetected for three to four years. These attackers behaved nothing like cybercriminals. They avoided ransomware, disruption and noisy malware. Instead, they blended into normal network operations, studied internal workflows and stayed invisible. By the time the breaches were discovered, investigators could not confidently answer what had been accessed or for how long. This uncertainty, Baek argues, is itself the real damage.

Why telecom operators are uniquely valuable targets

Telecom networks offer something no other sector can match: nation-scale visibility. Government communications, military coordination, financial transactions and civilian movement data all pass through telecom infrastructure. Compromising a telecom operator provides intelligence coverage that no single breach in banking or healthcare can replicate.

Baek outlines four core strategic incentives. Strategic intelligence gathering through access to metadata, routing systems and authentication exchanges. Real-time situational awareness using location updates and device identifiers. Political signalling and coercion, without overt disruption. Infrastructure leverage, as telecoms connect deeply with defence, transport and emergency systems. Telecom networks are targeted not because they are weak, but because they sit at the centre of national power structures.

Ukraine: Telecom security as a battlefield priority

The war in Ukraine reinforced this reality. Before and during the invasion, Russian cyber and electronic warfare operations systematically targeted Ukrainian telecom networks. Government communications, emergency services, satellite links and media systems were all attacked to slow decision-making and create confusion. Control over information flows proved as critical as control over territory. Ukraine’s rapid deployment of decentralised satellite communications prevented total collapse, demonstrating that redundancy and resilience are now as vital as weapons and logistics.

Implications for India and emerging economies

For countries like India, telecom security is no longer just a compliance issue. It is about continuity of governance, defence coordination and economic stability. India relies heavily on terrestrial telecom infrastructure, with comparatively limited satellite redundancy. In future conflicts or cyber crises, this concentration could become a vulnerability. As Baek stresses, modern cyber strategy treats information infrastructure as a military objective. Telecom resilience must therefore be approached as a national security priority, not just an IT function.

Telecom companies are no longer neutral carriers of data. They are strategic assets at the intersection of intelligence, economy and security. Global cyberattacks show that the most dangerous threats are not the ones that cause outages,but the ones that remain invisible for years. Building cyber resilience in telecom networks now requires state-level coordination, advanced detection capabilities and strategic thinking equal to the threats they face.