T-Mobile Shares More Information on China-Linked Cyberattack – Source: www.securityweek.com

T-Mobile on Wednesday shared additional information on a cyberattack believed to have been conducted by the China-linked threat group Salt Typhoon, but the telecoms firm reiterated that the attack was blocked.

It came to light earlier this month that T-Mobile has also been targeted by the Chinese threat group Salt Typhoon in a major cyberespionage campaign targeting several telecommunications companies in the United States. 

T-Mobile said at the time that it had been closely monitoring the attack, but claimed it saw no significant impact to its systems or data. 

T-Mobile’s Chief Security Officer, Jeff Simon, on Wednesday shared additional information in an attempt to clear up what the company described as “misleading media reports”. 

“Many reports claim these bad actors have gained access to some providers’ customer information over an extended period of time – phone calls, text messages, and other sensitive information, particularly from government officials,” Simon said. “This is not the case at T-Mobile.”

According to the CSO, T-Mobile has detected attempts to infiltrate its systems within the last few weeks, but claims its defenses managed to protect sensitive customer information and prevented any service disruptions. 

“Bad actors had no access to sensitive customer data (including calls, voicemails or texts),” Simon noted.

The attack against the telecom firm originated from a wireline provider’s network connected to T-Mobile’s own network. The connection to this provider was quickly cut off and the company says it currently does not see these or other attackers in its systems. 

T-Mobile also noted that it has not seen any previous attempts to compromise its systems in such a manner.

While in the statement posted on the T-Mobile website Simon said the company “cannot definitively identify the attacker’s identity”, the CSO told Bloomberg that the unauthorized activity does resemble Salt Typhoon.

T-Mobile suffered several significant data breaches in recent years, including incidents that impacted tens of millions of customers.    

It came to light in September that the China-linked threat actor had hacked into the networks of several major US broadband providers, including companies such as Verizon, AT&T and Lumen Technologies, as well as some service providers outside the US. 

The cybersecurity agency CISA and the FBI recently confirmed investigating what they described as a broad and significant Chinese espionage campaign targeting telecom infrastructure, with the goal of stealing customer call record data and compromising the private communications of individuals who are primarily involved in government or political activity.

Senator Mark Warner, chairman of the Senate Intelligence Committee, told The Washington Post in an interview that the cyberattacks launched by Salt Typhoon are the “worst telecom hack in our nation’s history — by far”. The hackers were able to listen in on audio calls in real time and read texts, according to the senator. The FBI has identified and notified 150 victims, a majority in the Washington, D.C. area. 

Related: US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack

Related: China’s Volt Typhoon Rebuilding Botnet

Related: China Making Claims About Encryption Cracking and Intel Backdoors