T-Mobile has confirmed that it was hit during a recent wave of telecom network breaches attributed to a China-linked threat group.
The Chinese threat group Salt Typhoon was behind earlier confirmed breaches of AT&T, Verizon and Lumen Technologies, using that access to infiltrate the U.S. court wiretap system and target the phone data of top U.S. officials, including President-elect Donald Trump, VP-elect JD Vance, top congressional and government officials, and the campaign of Vice President Kamala Harris.
T-Mobile confirmed to the Wall Street Journal that it too was hit in the attacks, but said the breach had limited impact.
“T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” T-Mobile told the Journal.
Cisco Routers Said to Be Targeted in T-Mobile, Telecom Hacks
Salt Typhoon, also known as Ghost Emperor and UNC2286, accessed U.S. telecom infrastructure through vulnerabilities that included Cisco Systems routers, the WSJ said. The paper said incident investigators suspect the hackers used artificial intelligence or machine learning to further their espionage operations.
Some of the targeted networks had been breached for eight months or more in attacks that accessed “call logs, unencrypted texts and some audio from targets,” the Journal said, citing unnamed sources familiar with the matter.
Foreign telecom firms were also compromised in the attacks, including in countries that maintain close intelligence ties to the U.S.
T-Mobile has now been breached at least nine times in the last six years, according to some counts, leading to huge legal settlements and security and compliance fines.
China a Growing Cyber Threat
In a statement last week, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) provided an update on their investigation into the telecom network breaches.
The agencies said their ongoing investigation into the People’s Republic of China (PRC) attacks on commercial telecommunications infrastructure “has revealed a broad and significant cyber espionage campaign.”
“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders. We expect our understanding of these compromises to grow as the investigation continues.”
The agencies said they continue to provide technical assistance, share information to help other potential targets, “and work to strengthen cyber defenses across the commercial communications sector.”
China has been aggressively targeting the U.S. in disinformation campaigns and critical infrastructure compromises.
At a MITRE conference last month, CISA Threat Branch Chief Mark Singer said the agency considers China to potentially be a bigger threat than Russia.
“The types of incidents that we’ve responded to, the types of intrusions that we’re seeing, this is getting more and more concerning as time goes on,” Singer told conference attendees, calling the threat “a bigger risk” than Russia posed in the leadup to the Ukraine war.
