New T-Mobile Hack Report Raises Count for Salt Typhoon Cyber Espionage Group

by | Nov 26, 2024

T-Mobile has had major cybersecurity struggles since 2019, but seemed to finally have something to be proud of when it was the only one of the three major US mobile carriers not named as a victim of the “Salt Typhoon” cyber espionage campaign. That is now out the window as the company has confirmed it was also breached, though early reporting on the T-Mobile hack indicates that it may not have been as bad as the ones that hit Verizon and AT&T.

T-Mobile hack confirmed, but impact unknown

Prior to the Salt Typhoon T-Mobile hack, the most recent development in the company’s ongoing cybersecurity story had been an October order by the FCC to make major improvements to its authentication, inventory and defense systems. It remains unclear exactly when Salt Typhoon, the group of Chinese state-backed hackers that also penetrated T-Mobile’s telecom rivals for months in 2024, was in the company’s systems.

T-Mobile has been struggling with annual major breaches since 2019, with the cyber espionage incident now the ninth in the last five years. The company has said little publicly about the breach and it remains unknown how it took place, but the attacks on its contemporaries reportedly involved initial entry via unpatched vulnerabilities in routers. The prior T-Mobile hacks have mostly been conducted by criminal groups and have been all over the map in their methodology, from repeatedly scamming customer service employees over the phone to sussing out weaknesses in its APIs.

Mobile carriers and ISPs are an obvious high-value target for hackers, but where state-backed hacking is concerned, most of the recent focus has been on their role in national critical infrastructure during some sort of major conflict. The Salt Typhoon cyber espionage campaign demonstrates the value they have to hackers as an upstream place to dwell and live off the land, taking in massive amounts of personal information and gaining access to tools such as surveillance systems used by law enforcement.

All of this adds up to a need for mobile carriers to make drastic cybersecurity improvements. Unfortunately, with the government investigation still ongoing, the T-Mobile hack and other recent incidents will likely be revealed to have been even more damaging than initially reported.

Cyber espionage campaign achieved a shocking level of penetration

With the reveal of the T-Mobile hack, the Salt Typhoon cyber espionage campaign officially compromised all three of the “big” mobile carriers in the US as well as ISP Lumen Technologies. That is an extremely concerning level of access, particularly considering that the hackers were apparently able to maintain access for months without being spotted.

The scope of the damage to T-Mobile remains unknown as the carrier is remaining tight-lipped about exactly how the breach went down. It did issue a public statement claiming that it has not found any exposure of customer data or ongoing impact to its internal systems, which would make it substantially better off than its two competitors if true. A joint CISA and FBI investigation into the cyber espionage campaign continues, however, and may very well turn up new elements of data exposure going forward.
