T-Mobile US Thwarts Chinese Cyber-Espionage Campaign Using Unique Technique

T-Mobile US has thwarted a Chinese cyber-espionage campaign by Salt Typhoon, a group believed to be behind the attacks on US telecommunications providers’ networks. According to Jeff Simon, T-Mobile US’s Chief Security Officer (CSO), the attack was unique in its approach, using a novel technique that hasn’t been seen before in his 15-plus-year career in cybersecurity.

The FBI and CISA have confirmed that Salt Typhoon successfully broke into networks of US telecom companies, compromised wiretapping systems used by law enforcement, and stole customers’ call records and metadata. However, T-Mobile US was able to detect the activity within a single-digit number of days and block the attempts.

Simon credited T-Mobile US’s layered defense strategy for stopping the espionage attempts, including implementing FIDO2 authentication for employees and rotating credentials extremely regularly. He also noted that the carrier’s wireless-only model reduced the risk of wireline network intrusions.

While the scope of the attack is still unclear, Simon stated that he is confident the intruders, whoever they may be, remain outside T-Mobile US’s systems. The company has taken steps to improve its cybersecurity and pay a penalty after a series of network intrusions affected tens of millions of customers.

US officials are urging individuals to use strongly encrypted messaging and communications to protect information from theft-in-transit and surveillance. “Encryption is your friend,” CISA said, emphasizing the importance of using secure communication methods to prevent interception and detection.

Source: https://www.theregister.com/2024/12/05/tmobile_cso_telecom_attack