T-Mobile Breached in Major Chinese Cyber-Attack on Telecoms


T-Mobile’s network has been breached as part of a large-scale cyber-espionage campaign by Salt Typhoon, a Chinese state-sponsored hacking group, The Wall Street Journal reported on November 15.

The attack targeted major telecommunications providers in the US, also including AT&T, Verizon and Lumen Technologies, and extended to international telecom firms.

Investigators have reported that hackers infiltrated critical systems used for law enforcement surveillance, compromising sensitive communications.

Salt Typhoon leveraged vulnerabilities in telecom infrastructure, such as Cisco Systems routers, to access call records, unencrypted messages and audio communications from targeted individuals.

While T-Mobile has stated that no significant impacts to its systems or customer data have been identified, federal agencies and security experts remain concerned about the scope of the breach.

“We won't know how serious this hack was until T-Mobile discloses what information was stolen. Metadata like call times and participants, although concerning, is not nearly as scary as state-sponsored threat actors stealing texts and audio messages,” said Paul Bischoff, consumer privacy advocate at Comparitech.

“T-Mobile does not have a good track record when it comes to cybersecurity. Just last month, it paid a $31.5 million settlement to resolve multiple data breaches that took place over three years.”

Targeting Critical Infrastructure

The breach is part of an extended campaign believed to have lasted at least eight months. Salt Typhoon’s methods included advanced use of artificial intelligence to enhance their access and intelligence-gathering efforts.

Victims reportedly include US government officials involved in national security and policy making, adding to fears about potential counterintelligence risks.

Key aspects of the breach include:

  • Access to telecom systems used for wiretap surveillance

  • Compromised call logs and private communications of high-ranking officials

  • Potential mapping of infrastructure for future attacks


A Broader Cybersecurity Challenge

The Salt Typhoon campaign has exposed significant weaknesses across the telecommunications sector, which is classified as critical infrastructure under US federal law.

“The Chinese hacker will use T-Mobile to island-hop into myriad government agencies and critical infrastructures. The national security implications are profound,” warned Tom Kellermann, SVP of cyber strategy at Contrast Security.

“This is the third telecom provider compromised by [Chinese hackers] in the last 12 months. The systematic campaign of infiltration will take months to root out.”

Federal agencies, including the FBI and CISA, are continuing to investigate. The Biden administration has issued warnings about the “broad and significant” nature of the breach.

Telecommunications companies, meanwhile, are strengthening their defenses, with T-Mobile reportedly working on implementing measures such as zero-trust architecture and phishing-resistant authentication to protect its systems.
