A group of Chinese hackers known as the “Salt Typhoon” group breached T-Mobile’s routers and networks, but the company’s cyber defenses blocked the threat before they could spread further. The attack was part of a series of telecom breaches targeting government entities and telecommunications companies in Southeast Asia.
The Salt Typhoon group has been active since at least 2019 and typically focuses on breaching government entities and telecommunications companies. However, T-Mobile says its engineers blocked the threat actors’ attempts to access customer information, including phone calls, text messages, and voicemails.
According to T-Mobile’s Chief Security Officer, Jeff Simon, the company detected suspicious behavior on some of its routers, which matched indicators of compromise previously linked to Salt Typhoon. The company quickly severed connectivity to the provider’s network and blocked further attacks.
T-Mobile’s statement follows previous announcements that its systems were compromised in a recent wave of Salt Typhoon telecom breaches. Federal agencies such as CISA and the FBI confirmed the breaches, which involved compromising government officials’ private communications, stealing customer call records, and gaining access to the U.S. government’s wiretapping platform.
The attack highlights the ongoing threat posed by Chinese state-sponsored hackers, who have targeted multiple broadband providers in recent months. Canada also revealed that many of its agencies and departments were targeted in broad network scans linked to unnamed Chinese state hackers.
Source: https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-t-mobiles-routers-to-scope-out-network