T-Mobile is no stranger to cyberattacks, and it’s happening again. Luckily, this time, they’re not buying back your data from the perpetrators in Bitcoin. The company recently revealed attempts by cybercriminals, possibly linked to the Chinese state-sponsored group “Salt Typhoon”. Their defenses held firm and the attackers were stopped before accessing sensitive calls, texts, voicemails, and other information.
T-Mobile says recent account could be Salt Tycoon handwork
Weeks ago, T-Mobile was targeted in a large-scale cyber espionage attack. The hackers aimed at high-profile individuals’ phone communications, not customer data. T-Mobile confirmed no personal information was compromised and the breach, discovered by the FBI and CISA, was publicly disclosed recently.
The company has shed more light on the issue, and confirmed that the attack originated from a compromised wireline provider’s network connected to theirs. In response, the wireless carrier immediately severed the connection and reported the findings to the government. While they couldn’t confirm if “Salt Typhoon” was behind the attack, they assured customers that their security measures worked as designed.
Salt Typhoon is a hacking group that has been active since 2020 and focuses on stealing data, especially from countries in North America and Southeast Asia. The group is known for capturing information from computer networks and taking control of the servers they target.
Collaboration with US Leaders is in progress
The group is very skilled at hiding their activities, and have managed to break into AT&T, Verizon, and Lumen Technologies systems this year in October 2024. Experts think Salt Typhoon works with China’s government to help with their goals in cyber warfare.
Within the last few weeks, we detected attempts to infiltrate our systems by bad actors. This originated from a wireline provider’s network that was connected to ours. We see no instances of prior attempts like this.
Our defenses protected our sensitive customer information, prevented any disruption of our services, and stopped the attack from advancing. Bad actors had no access to sensitive customer data (including calls, voicemails or texts).
Jeff Simon, Chief Security Officer, T-Mobile.
T-Mobile has also shared its findings about recent cyberattacks with other companies and government officials to address these threats together. Their Chief Security Officer attended a meeting at the White House with other leaders to discuss strategies for countering such attacks.
T-Mobile is prepared for future cyber attacks
Since the ultimate goal is to protect consumers, T-Mobile stressed the importance of collaboration and sharing information, especially with other service providers that might still be dealing with these cyber threats.
They’ve added extra steps for employees to log in securely, and are required to use multiple forms of verification to access accounts, including FIDO2 devices, a security standard for passwordless login that uses public key cryptography.
They’ll also split their systems so hackers can’t access everything at once, and watch closely for anything unusual. T-Mobile is also dedicated to running advanced simulations of cyberattacks to identify weaknesses and improve defenses. Their 5G network should verify devices, encrypt data, and protect privacy better than older 4G networks.
As they mainly provide wireless services in the USA, they don’t rely much on older systems like cables or copper wiring. It’s easier for them to manage and secure their systems, keeping their fiber internet services separate from their wireless network to add another layer of protection.
