Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

T-Mobile admits Chinese hackers accessed its network, but says no call logs were affected

.

  • T-Mobile details how Salt Typhoon accessed its routers
  • It explained what the hacker's methods and how they were spotted
  • T-Mobile's CSO stresses hackers didn't steal any data

T-Mobile has revealed the hackers who recently targeted its infrastructure were seen running commands on its routers, but stressed its defenses worked as intended and that no major damage was done.

The declaration follows recent news of an incident where Salt Typhoon, an infamous Chinese state-sponsored threat actor, breached T-Mobile's network in a cyber-espionage campaign on behalf of the country’s government.

The FBI also recently confirmed the group had successfully gained access to networks and private communications of members of the US government.

Working as intended

Now, T-Mobile’s Chief Security Officer, Jeff Simon, told Bloomberg the attackers were spotted while running commands, usually used in the reconnaissance stage of a cyberattack, on company routers. Some of the commands used matched indicators of compromise previously linked to Salt Typhoon, he added.

At the same time, Simon published a blog post in which he said the company’s defenses worked as intended, so Salt Typhoon was unable to cause any significant damage, or steal any sensitive customer or company information.

"Many reports claim these bad actors have gained access to some providers' customer information over an extended period of time – phone calls, text messages, and other sensitive information, particularly from government officials. This is not the case at T-Mobile," Simon said.

"Our defenses protected our sensitive customer information, prevented any disruption of our services, and stopped the attack from advancing. Bad actors had no access to sensitive customer data (including calls, voicemails, or texts).”

Simon also said that the attack originated from a wireline provider’s network that was connected to T-Mobile. "We quickly severed connectivity to the provider's network as we believe it was – and may still be – compromised."

After blocking the access, T-Mobile said it now sees no additional attacker activity, suggesting Salt Typhoon abandoned the initiative. In any case, the information was shared with government and industry partners.

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.