T-Mobile has disclosed that it recently intercepted a highly coordinated cyberattack on its systems, potentially linked to the Chinese state-sponsored hacking group known as Salt Typhoon. The telecoms provider confirmed that its security protocols successfully prevented the attackers from breaching sensitive customer data, including calls, voicemails, and text messages.

The incident occurred amidst reports of a larger cyberespionage campaign attributed to Salt Typhoon, which has allegedly compromised several US telecommunications providers, such as AT&T, Lumen Technologies and Verizon. Unlike these cases, T-Mobile reported that it managed to block the attackers before they could infiltrate deeper into its network or access private communications.

T-Mobile revealed that the attempted breach originated from a compromised wireline provider’s network connected to its systems. Upon detecting the threat, T-Mobile promptly severed its connection to the affected network and implemented control measures. The attackers reportedly exploited routers to explore lateral movement within T-Mobile’s infrastructure, but the company’s multi-layered security systems are said to have successfully blocked their progress, ensuring no customer information was exposed.

The telecom giant has shared its findings with US government agencies and industry leaders to aid in the collective fight against such cyber threats. While T-Mobile could not confirm the identity of the attackers, the techniques and patterns observed were reported to be consistent with those attributed to Salt Typhoon.

“We have shared what we’ve learned with industry and government leaders as we collectively work to combat these large-scale, sophisticated national threats. Last week, I had the opportunity to join a meeting at the White House with other leaders to discuss how we’re mitigating these threats,” said T-Mobile’s chief security officer Jeff Simon. “As we all have a mutual goal to protect American consumers, we felt it was important to communicate more about what we’ve seen with providers who may still be fighting these adversaries.”

Strengthened cybersecurity measures

Following previous security incidents, T-Mobile has made significant investments to enhance its cybersecurity capabilities. The company highlighted several initiatives in this regard, including the widespread implementation of multi-factor authentication (MFA) throughout its systems, network segmentation to limit the spread of attacks, comprehensive activity monitoring, and accelerated system patching.

Additionally, T-Mobile has bolstered its defences with advanced tools for detecting and mitigating unauthorised activities, rigorous security testing, and rewards for identifying potential vulnerabilities. The company also claimed that its 5G network, featuring advanced encryption and enhanced authentication, provides further protection compared to older 4G infrastructure.

The incident forms part of a larger pattern of cyberattacks targeting the telecommunications sector. Salt Typhoon, also known by aliases such as Earth Estries and FamousSparrow, has been active since 2019, primarily targeting government entities and telecom providers. Media reports suggest the group’s activities have compromised call records and sensitive data from a limited number of individuals, particularly in politics and government.

Read more: T-Mobile to develop AI-driven CX platform IntentCX with OpenAI