
Marijan Hassan - Tech Journalist

T-Mobile confirms breach in the recent Chinese-linked cyber espionage operation targeting US telcos

T-Mobile has confirmed it was breached as part of a recent wave of cyberattacks linked to Chinese state-sponsored hackers, marking the latest in a string of incidents targeting U.S. telecommunications companies. The operation, attributed to the advanced persistent threat group known as Salt Typhoon, focused on intercepting private communications, call logs, and sensitive law enforcement data.



In a statement to the Wall Street Journal, T-Mobile said its systems and customer data had not been significantly impacted, emphasizing that there is currently no evidence of harm to customer information.


“We will continue to monitor this closely, working with industry peers and the relevant authorities,” the company stated, underscoring its commitment to addressing the situation.


A little background

Salt Typhoon, also known by aliases such as Earth Estries and FamousSparrow, has been active since at least 2019. The group typically targets government entities and telecommunications firms in Southeast Asia and the United States. This recent campaign reportedly compromised major telecom providers, including AT&T, Verizon, and Lumen, alongside T-Mobile.


The breach enabled hackers to intercept call records, text messages, and even some audio from cell phone lines linked to senior U.S. government officials. Additionally, attackers reportedly accessed details of law enforcement requests submitted to telecommunication companies.


A joint statement from the FBI and CISA confirmed that PRC-affiliated threat actors stole customer call data and private communications, focusing on individuals involved in government and political activities.


Attack Methods and Tools

The cyberespionage campaign reportedly exploited vulnerabilities in Cisco routers, which are critical for routing internet traffic. Cisco has denied that its equipment was breached but acknowledged the possibility of vulnerabilities being exploited.


The U.S. government has warned that the scale of the breach is still being assessed, with further insights expected as investigations continue.


T-Mobile’s Troubled History with Cybersecurity

This incident marks the ninth breach for T-Mobile since 2019, adding to a troubling track record:

  • 2019: Exposed prepaid customer account data.

  • 2020: Two breaches, including one affecting employee personal and financial information.

  • 2021: Three breaches, including unauthorized access to an internal application and brute-force attacks on network systems.

  • 2022: Lapsus$ gang breached T-Mobile using stolen credentials.

  • 2023: Two breaches, including one exposing the personal data of 37 million customers.


Implications for the Telecom Sector

This latest breach underscores the vulnerabilities within the U.S. telecommunications sector, which remains a prime target for state-sponsored cyberattacks. The campaign highlights the need for robust cybersecurity measures to protect sensitive communications and critical infrastructure.


As investigations deepen, telecom providers and government agencies are likely to face increased scrutiny over their ability to safeguard sensitive data, especially amid growing nation-state cyber threats.
