T-Mobile admits Chinese hackers accessed its network, but says no call logs were affected
Salt Typhoon ran known reconnaissance commands on T-Mobile company routers when it was spotted.
T-Mobile details how Salt Typhoon accessed its routersIt explained what the hacker’s methods and how they were spottedT-Mobile’s CSO stresses hackers didn’t steal any data
T-Mobile has revealed the hackers who recently targeted its infrastructure were seen running commands on its routers, but stressed its defenses worked as intended and that no major damage was done.
The declaration follows recent news of an incident where Salt Typhoon, an infamous Chinese state-sponsored threat actor, breached T-Mobile’s network in a cyber-espionage campaign on behalf of the country’s government.
The FBI also recently confirmed the group had successfully gained access to networks and private communications of members of the US government.
Working as intended
Now, T-Mobile’s Chief Security Officer, Jeff Simon, told Bloomberg the attackers were spotted while running commands, usually used in the reconnaissance stage of a cyberattack, on company routers. Some of the commands used matched indicators of compromise previously linked to Salt Typhoon, he added.
At the same time, Simon published a blog post in which he said the company’s defenses worked as intended, so Salt Typhoon was unable to cause any significant damage, or steal any sensitive customer or company information.
“Many reports claim these bad actors have gained access to some providers’ customer information over an extended period of time – phone calls, text messages, and other sensitive information, particularly from government officials. This is not the case at T-Mobile,” Simon said.
“Our defenses protected our sensitive customer information, prevented any disruption of our services, and stopped the attack from advancing. Bad actors had no access to sensitive customer data (including calls, voicemails, or texts).”
Simon also said that the attack originated from a wireline provider’s network that was connected to T-Mobile. “We quickly severed connectivity to the provider’s network as we believe it was – and may still be – compromised.”
After blocking the access, T-Mobile said it now sees no additional attacker activity, suggesting Salt Typhoon abandoned the initiative. In any case, the information was shared with government and industry partners.
You might also like
IoT devices across the world targeted by major new botnetHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now