T-Mobile has been targeted in a significant cyber-espionage operation linked to a Chinese intelligence agency. According to a report by the Wall Street Journal, which broke the story, China-based hackers gained access to the telecom company’s network and several belonging to other US and international telecommunications firms. The breach is said to be part of a broader campaign designed to intercept sensitive communications from high-value intelligence targets.

The attack unfolded over a month, allowing the hackers to infiltrate T-Mobile’s systems without detection. While details on specific data compromised during the breach remain unclear, no confirmation has been given regarding the theft of customer call records or communication data.

This incident comes amid growing concerns over the vulnerability of telecom networks to foreign espionage. Last week, the Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) revealed that China-linked hackers had also intercepted surveillance data from US telecom companies, targeting information related to American law enforcement.

“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders,” stated FBI and CISA.

The latest breach reportedly involved the same Chinese hacker group, Salt Typhoon, which has been active since at least 2019 and has a history of targeting government entities and telecom companies in Southeast Asia.

Salt Typhoon, also known by various other aliases such as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286, has been linked to numerous cyber-espionage campaigns. The hackers targeted the wiretap systems that US phone and internet companies are required under a 30-year-old federal law to allow government access to customer data.

T-Mobile’s ninth security breach since 2019

This latest attack marks the ninth security breach targeting T-Mobile since 2019. The firm has experienced several high-profile security incidents in recent years, including a 2019 breach that exposed the account information of prepaid customers, a 2020 data incident that compromised the personal and financial details of employees, and multiple incidents in 2020 and 2021 where hackers accessed customer proprietary network information and internal applications.

In 2022, meanwhile, the Lapsus$ extortion gang breached T-Mobile’s systems using stolen credentials, while a 2023 breach resulted in the theft of personal data from 37 million customers.

Read more: T-Mobile data breach could leave the company counting the cost