US telco T-Mobile was one of the companies hacked by Chinese state-sponsored threat actors as part of a wider espionage campaign, according to sources close to the matter.
Just last week, a joint statement released by the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) said investigations into Chinese government espionage against US telcos had revealed that threat actors gained access to the networks of multiple US telcos.
“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders,” said the statement issued on Wednesday (13 November).
Now, as originally reported by The Wall Street Journal, sources familiar with the incident said T-Mobile was one of the breached telcos.
There has been no public disclosure by T-Mobile of any data being exfiltrated by threat actors.
“T-Mobile is closely monitoring this industry-wide attack,” a T-Mobile spokesperson told Reuters.
“At this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information.”
US agencies confirmed in October that a Chinese state-sponsored threat actor had breached multiple US telcos.
AT&T, Verizon, and Lumen Technologies had all been breached by the group UNC2286, better known as Salt Typhoon.
“The US government is investigating the unauthorised access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China,” said the FBI and CISA at the time.
“After the FBI identified specific malicious activity targeting the sector, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims.”
According to sources speaking with The Wall Street Journal, the threat actors had maintained network access “for months or longer”, allowing them to collect a large amount of call data from millions of US customers.