A notorious Chinese hacking group that breached several US telecoms providers was repelled by T-Mobile’s cyber-defenses before it could access any sensitive customer information, the firm’s CSO, Jeff Simon, has claimed.
Simon clarified in a blog post on November 27 that despite some commentators implying it’s only a matter of time before the telco finds evidence of a significant data breach, the reverse is true.
“Simply put, our defenses worked as designed – from our layered network design to robust monitoring and partnerships with third-party cyber security experts and a prompt response – to prevent the attackers from advancing and, importantly, stopped them from accessing sensitive customer information,” he said.
“Other providers may be seeing different outcomes.”
Over the past few weeks, T-Mobile detected, for the first time, attempts to infiltrate its network via a third-party “wireline provider’s network,” Simon revealed.
He said that the threat actors were not able to progress their attack to access any call, voicemail, text or other sensitive customer data, and that the firm “quickly severed connectivity” to its supplier’s network.
“We do not see these or other attackers in our systems at this time,” he added. “We cannot definitively identify the attacker’s identity, whether Salt Typhoon or another similar group, but we have reported our findings to the government for assessment.”
Reports first emerged of the cyber-espionage campaign back in August when it was claimed that the Chinese state-sponsored APT group had targeted providers including Verizon, AT&T and Lumen Technologies.
A November 13 joint statement by the FBI and Cybersecurity and Infrastructure Security Agency (CISA) then clarified that a “broad and significant cyber-espionage campaign” had taken place. It revealed that “multiple telecommunications companies” were targeted, but no company names were mentioned.
According to the notice, the campaign enabled “the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders.”
Although T-Mobile has been the victim of multiple data breaches in recent years, Simon claimed the firm has made a “massive investment” in cybersecurity, focusing on layered defenses, proactive monitoring, rapid response and continuous vigilance.