Telco Giant’s Probe Finds ‘No Evidence’ of Customer or Sensitive Data Breach
Mobile carrier giant T-Mobile U.S. said it was targeted as part of a wide-ranging cyberespionage operation, which the U.S. government attributes to China. Other previously reported victims of the campaign, which appeared to include a focus on individuals involved in national security, include AT&T, Verizon and Lumen.
News that publicly traded T-Mobile fell victim to the cyberespionage operation was first reported by The Wall Street Journal.
The Washington-based telco told Information Security Media Group that its investigation has found no signs that attackers accessed or stole sensitive data.
“T-Mobile is closely monitoring this industry-wide attack,” a T-Mobile spokesperson said. “Due to our security controls, network structure, and diligent monitoring and response, we have seen no significant impacts to T-Mobile systems or data.”
In addition, based on the company’s investigation to date, “we have no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced,” the spokesperson said. “We will continue to monitor this closely, working with industry peers and the relevant authorities.”
Security experts said the wider campaign likely leads back to an advanced persistent threat group that Microsoft codenamed “Salt Typhoon.” The group has ties to China’s foreign intelligence service, the Ministry of State Security, which has long targeted U.S. systems for intelligence-gathering purposes.
The U.S. government has confirmed the “broad and significant cyberespionage campaign,” which it attributed to Beijing-backed attackers.
The hackers “compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders,” the FBI and Cybersecurity and Infrastructure Security Agency said Wednesday in a joint statement (see: FBI Updates on Vast Chinese Hack on Telecom Networks).
The agencies have been assisting victims and sharing threat intelligence. “We expect our understanding of these compromises to grow as the investigation continues.”
The hackers have also attacked foreign telecoms, including in countries that have close intelligence-sharing arrangements with Washington, according to multiple media reports. The group’s infiltration of some telecommunications networks reportedly began over eight months ago.
Investigators have released few details about the attacks, although they have suggested some might have involved targeting vulnerabilities in Cisco routers. While government investigators have yet to name any of the targeted individuals, reports have suggested the hackers attempted to exfiltrate data from President-elect Donald Trump and Vice President-elect JD Vance’s campaign phones (see: Chinese Hackers Reportedly Targeted Trump, Vance Phones).
Whether the hackers successfully stole communications or other information pertaining to the Trump campaign remains unclear. Seeking answers about hackers’ impact, a bipartisan group of lawmakers in October wrote to AT&T, Verizon and Lumen, demanding they brief lawmakers on the scope of the attacks and data theft.
“These types of breaches are increasing in frequency and severity, and there is a growing concern regarding the cybersecurity vulnerabilities embedded in U.S. telecommunications networks,” said letters sent to the telcos from the House Committee on Energy and Commerce (see: Congress Seeks Urgent Action After Chinese Telecom Hack).
Specific information sought by the committee included the steps each company took “to notify customers of the breach” and to assist them, how each first learned it was breached, the steps taken to identify and eliminate exploited vulnerabilities in their networks, and the specific information hackers stole. The lawmakers also requested information about “legislative actions Congress should take to assist” telecommunications firms to help them “in protecting their networks and customers’ data.”