Telco operators in the US are being actively targeted by hackers linked to China, with the FBI recently describing the efforts as a “cyber espionage campaign.”
T-Mobile itself was attacked in mid-November by hackers, but Jeff Simon, the company’s chief security officer said in an update this week that its security defences stopped the hackers from accessing sensitive customer information.
Subscribe today for free
“Many reports claim these bad actors have gained access to some providers’ customer information over an extended period of time — phone calls, text messages, and other sensitive information, particularly from government officials,” Simon wrote. “This is not the case at T-Mobile.
“Our defences worked as designed — from our layered network design to robust monitoring and partnerships with third-party cyber security experts and a prompt response — to prevent the attackers from advancing and, importantly, stopped them from accessing sensitive customer information. Other providers may be seeing different outcomes.”
The hackers, known as Salt Typhoon, are believed to be linked to the Chinese state, with law enforcement agencies suggesting they’re targeting telcos to try and get at customer call data and private communications from individuals “primarily involved in government or political activity.”
The hackers are believed to have targeted phones belonging to US political figures, including President-elect Donald Trump, Vice President-elect JD Vance, and Vice President Kamala Harris.
Alongside T-Mobile, Verizon, AT&T, and Lumen are among those whose networks have been hit by Salt Typhoon. Cybersecurity firm Trend Micro has suggested that the group is targeting operators beyond the US, using a new backdoor method called “GhostSpider” to bypass security measures of telcos in Southeast Asia.
T-Mobile’s chief security officer said the operator has passed along what it learned of the attack to other industry firms and government leaders.
Simon wrote that T-Mobile made a “massive investment” to beef up its cybersecurity defences following a series of incidents a few years ago.
Among T-Mobile’s improved cyber defences include a series of gates designed to deter attacks by making it increasingly difficult to pass, improved activity monitoring, and rapid response capabilities to quickly shut down activity and mitigate the impact.
He wrote that T-Mobile has also implemented mandatory multi-factor authentication for staff, and separated its systems from its networks to hinder a bad actor’s ability to move beyond an initially compromised system.
“T-Mobile has minimal operations in wireline networks and provides service almost exclusively within the US,” the security chief wrote. “This simplifies the management and security of our systems. Our consumer fibre offerings are also separate isolated networks from our wireless network infrastructure.”
Simon was among the telco leaders who visited the White House last week to meet with National Security Advisor Jake Sullivan and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger to discuss the ongoing threat.
Simon wrote: “As an industry and country, we are now seeing activity from the most sophisticated cyber criminals we've ever faced, and as such, we can't make any promises with absolute certainty.
“But I can tell you that our commitment to our customers is clear: T-Mobile will work tirelessly to keep customer information secure, safeguarding our network, responding swiftly to threats, and investing in security.”
RELATED STORIES
T-Mobile hit by alleged Chinese cyber attack in major data breach
FBI warns Chinese hackers are targeting telcos in major espionage campaign
T-Mobile virtual machine logs allegedly exposed in Capgemini data breach
