This week, T-Mobile, the second largest wireless carrier in the U.S., confirmed a breach by China’s hacking group, Salt Typhoon.
The company is the latest to acknowledge a breach linked to the wider Salt Typhoon cyber espionage attack, which has targeted American telco operators and the U.S. wiretapping system.
The implications of the Salt Typhoon attack are significant and still developing. T-Mobile provides services to 127.5m Americans, federal and state government organizations, and the U.S. Navy.
But the T-Mobile breach is the tip of the iceberg when it comes to Salt Typhoon’s latest operation, which is proving to be one of the boldest cyber espionage hacks ever seen.
T-Mobile Still Figuring Out What Happened As They Confirm Salt Typhoon Breach
Salt Typhoon managed to access the U.S. wiretapping system by breaching American telcos — the T-Mobile attack acts as a sequel to attacks against AT&T and Verizon.
Experts say the threat actor is going after high-profile targets, such as national security officials, with the data and systems they have managed to infiltrate.
Paul Bischoff, Consumer Privacy Advocate at Comparitech, a pro-consumer technology and research website, spoke to us about the T-Mobile hack.
Bischoff explained that metadata like call times and participants, although concerning, is not nearly as scary as state-sponsored threat actors stealing texts and audio messages.
“We won’t know how serious this hack was until T-Mobile discloses what information was stolen,” Bischoff said.
Anonymous sources say that while the hackers accessed parts of T-Mobile’s edge-routing infrastructure with unauthorized access to a limited number of devices, T-Mobile was successful in booting the hackers out before wider incursions.
T-Mobile does not have a good track record when it comes to cybersecurity, although it may have performed better than usual this time around.
“Just last month, it paid (the FCC) a $31.5 million settlement to resolve multiple data breaches that took place over three years,” Bischoff added.
The Salt Typhoon Hack: ‘A Devastating Counterintelligence Failure’
The Wall Street Journal, which originally broke this story, described the hack against U.S. telcos as a “devastating counterintelligence failure”. Government officials and telcos are scrambling to understand the impacts and the breach itself.
To make matters worse, recently the FBI announced it was investigating a possible Chinese hack into President Trump and VP Vance’s iPhones. This FBI investigation is also believed to be linked to the Salt Typhoon hack.
It is unclear what information Salt Typhoon accessed or extracted, how long the threat actor persisted in the systems and networks, and whether they deployed any spyware or malware or modified any internal systems.
With a month to go, the breach caps off a massive year of infrastructure attacks against the U.S.
More Salt Typhoon Cyber Attacks and Incidents Expected to Unfold
Chris Hauk, Consumer Privacy Champion at Pixel Privacy, a user privacy blog, spoke to us about the Salt Typhoon incidents and what to expect.
“We can expect to see additional attacks by this group (Salt Typhoon) in the coming months, as the group works to access the phone lines and records of national security officials and politicians.”
“This is a significant threat to U.S. national security,” Hauk said. “At this point, we don’t know for sure what information was stolen. Hopefully, we’ll learn more in the near future”.
Salt Typhoon’s cyberattack takes advantage of the dependency of the American government on telcos.
The incident also shows that the once ‘convenient’ idea of building integrated court-ordered law enforcement wiretapping systems into third-party providers’ infrastructures, without advanced encryption and secure segmentation, has serious shortcomings.
Having access to data and systems used by millions of Americans, and access to the wiretapping systems, is obviously a national security problem for the government, as these are surveillance tools that the government uses for investigations that may have been compromised.
T-Mobile reassured its customers that there is no evidence to suggest that systems and data have been impacted in “any significant way”.
Marc Manzano, general manager for cybersecurity at SandboxAQ, an AI and quantum technology company, spoke to us about the cyberattack.
“The recent breach at T-Mobile highlights a concerning trend: telecommunications companies are increasingly targeted by sophisticated cyberattacks, underscoring the critical need for a comprehensive overhaul of cybersecurity measures within the industry.
“These networks form the backbone of global communication, and thus enhancing their security posture is essential to protect sensitive data and maintain operational integrity.”
Tom Kellermann, SVP of Cyber Strategy at Contrast Security, added:
“The Chinese hacker will use T-Mobile to island hop into a myriad of government agencies and critical infrastructures. The national security implications are profound.
“This is the third telecom provider compromised by the PLA (China’s People’s Liberation Army) in the last 12 months. The systematic campaign of infiltration will take months to root out.”
The Bottom Line
Due to a lack of public information available about the ongoing investigations into the Salt Typhoon breach, we do not know when the breach and cyber espionage operation started.
But one thing we know for sure: it is far from over. Its impact could linger for months or even years, and more security incidents stemming from the initial hack are expected.
It is evident that right now Salt Typhoon has an advantage. As government agencies and telcos continue their investigation, we expect to learn more and share it with our readers.