T-Mobile has confirmed that it was targeted during a recent wave of telecom network breaches attributed to a China-linked threat group named Salt Typhoon.
Salt Typhoon, also known as Ghost Emperor and UNC2286, was behind earlier confirmed breaches of AT&T, Verizon, and Lumen Technologies. The group used these breaches to infiltrate the U.S. court wiretap system and target the phone data of top U.S. officials, including President-elect Donald Trump, VP-elect JD Vance, top congressional and government officials, and the campaign of Vice President Kamala Harris.
T-Mobile confirmed to the Wall Street Journal that it was also affected by these attacks but stated that the breach had limited impact. “T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” T-Mobile told the Journal.
Cisco Routers Targeted in Telecom Hacks
Salt Typhoon accessed U.S. telecom infrastructure through vulnerabilities in Cisco Systems routers, the Wall Street Journal reported. Investigators suspect that the hackers used artificial intelligence and machine learning to further their espionage operations.
Some of the targeted networks had been compromised for over eight months, with the attackers accessing call logs, unencrypted texts, and some audio from targets, according to sources familiar with the matter.
Foreign telecom firms in countries with close intelligence ties to the U.S. were also compromised in the attacks. Over the past six years, T-Mobile has faced multiple breaches, resulting in significant legal settlements and compliance fines.
China: A Growing Cyber Threat
Last week, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) provided an update on their investigation into the telecom network breaches. The agencies highlighted a broad and significant cyber espionage campaign by the People’s Republic of China (PRC) targeting commercial telecommunications infrastructure.
“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, compromise private communications of individuals involved in government or political activities, and copy information subject to U.S. law enforcement requests pursuant to court orders. We expect our understanding of these compromises to grow as the investigation continues.”
The agencies continue to provide technical assistance, share information with potential targets, and work to strengthen cyber defenses across the commercial communications sector.
China has been aggressively targeting the U.S. through disinformation campaigns and critical infrastructure compromises. At a recent MITRE conference, CISA Threat Branch Chief Mark Singer emphasized that China is potentially a bigger threat than Russia.
“The types of incidents that we’ve responded to, the types of intrusions that we’re seeing, are becoming increasingly concerning,” Singer told conference attendees, describing the threat as “a bigger risk” than Russia posed in the lead-up to the Ukraine war.
By staying informed about these evolving threats and implementing robust cybersecurity measures, organizations can better protect their networks and data from sophisticated cyber attacks.