T-Mobile has confirmed its involvement in the recent wave of telecom network breaches, which have been attributed to a China-linked cyber threat group, Salt Typhoon.
The malicious actor previously breached major telecom providers, including AT&T, Verizon, and Lumen Technologies, as part of a larger operation that targeted US telecom infrastructure.
This included accessing sensitive systems such as the US court wiretap system and gathering phone data from top US officials, including President-elect Donald Trump, Vice President-elect JD Vance, key congressional figures, and Vice President Kamala Harris’s campaign.
T-Mobile, in a statement to The Wall Street Journal, confirmed its systems were affected by the attacks but stressed that the breach had limited impact. “T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” the company said.
Vulnerabilities in the Telecoms Sector
The breach has raised alarm about vulnerabilities in telecom infrastructure, with Salt Typhoon, also known as Ghost Emperor or UNC2286, reportedly exploiting weaknesses in Cisco Systems routers to gain access.
Investigators have speculated that the hackers may have used artificial intelligence or machine learning to bolster their espionage efforts. Some networks were reportedly breached for over eight months, during which attackers accessed sensitive data such as call logs, unencrypted text messages, and even audio from targeted individuals, according to sources cited by WSJ.
The Ongoing Investigation
The US government, through the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), has been investigating these ongoing attacks. Their joint statement discussed the broad nature of the cyber espionage campaign, noting that PRC-affiliated actors had compromised multiple telecom networks.
These intrusions were used to steal customer call records, breach the communications of government officials and political figures, and copy information subject to US law enforcement requests. The investigation is expected to expand as further details come to light.
An Escalating Threat
This series of breaches shines a light on the escalating cyber threat from China, particularly against critical US infrastructure, including telecom networks. The FBI and CISA have committed to providing technical assistance, sharing information with other potential targets, and strengthening cybersecurity defenses across the commercial communications sector.
The latest incidents are part of a wider pattern of cyberattacks from China, aimed at espionage and disrupting critical infrastructure. The ongoing investigation is a reminder of the vulnerabilities inherent in the global telecommunications network and the urgent need for better cybersecurity measures to protect sensitive data.
Overhauling Cybersecurity Measures
Marc Manzano, general manager for cybersecurity at SandboxAQ, commented on the growing threat: “The recent breach at T-Mobile highlights a concerning trend: telecommunications companies are increasingly targeted by sophisticated cyberattacks, underscoring the critical need for a comprehensive overhaul of cybersecurity measures within the industry.”
He said these networks form the backbone of global communication, and thus enhancing their security posture is essential to safeguard sensitive data and maintain operational integrity.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.