
Chinese hacking group targets telecom networks


T-Mobile has confirmed it was targeted in the recent wave of telecom breaches reportedly conducted by Chinese state-sponsored threat actors. The campaign aimed to gain unauthorized access to private communications, call records, and law enforcement information requests within the affected companies.

“T-Mobile is closely monitoring this industry-wide attack. At this time, our systems and data have not been significantly impacted, and we have no evidence suggesting customer information has been compromised,” T-Mobile said in a statement to the press.

Last month, The Wall Street Journal reported that a Chinese hacking group known as Salt Typhoon had successfully breached multiple telecom providers, including AT&T, Verizon, and Lumen. Salt Typhoon, also recognized by aliases such as Earth Estries and Ghost Emperor, has reportedly been operating since at least 2019, frequently targeting government entities and telecommunications firms, particularly in Southeast Asia.

The Wall Street Journal highlighted that this hacking campaign enabled the threat actors to monitor the cellphone lines of senior U.S. national security and policy officials, extracting call logs, text messages, and audio files. In a joint statement from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), it was confirmed that these adversarial actions included the theft of call data and private communications of targeted individuals, as well as information on law enforcement requests submitted to telecommunications companies.

Telecom breaches linked to Chinese group

“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies, enabling the theft of customer call records, compromise of private communications, and copying of sensitive information subject to U.S. law enforcement requests,” the statement read. The investigation into these compromises is ongoing, and understanding of the breaches is expected to grow as it continues.

These attacks were reportedly executed by exploiting vulnerabilities in Cisco routers, which route internet traffic. However, Cisco has stated that there were no indications its equipment was directly breached during the incidents.

This breach marks the ninth cybersecurity incident T-Mobile has faced since 2019. The list includes compromises of prepaid customer accounts, employee data, customer information, and sensitive details of hundreds of customers.

T-Mobile has faced unauthorized access, large-scale attacks, and incidents involving extortion gangs and vulnerable APIs. As the investigation progresses, T-Mobile is working to assess the extent of the breach and implement measures to secure its network from further unauthorized access. The company has assured customers of its commitment to safeguarding their information and urged stakeholders to stay vigilant for any suspicious account activity.
