Salt Typhoon Hacking Group Targets T-Mobile Customer Data

Cyber Threat Radar – T-Mobile’s network was among the targets of a major Chinese cyber-espionage campaign that sought customer data and infiltrated several U.S. and international telecommunications companies.

The hacking group, known as “Salt Typhoon” – a name designated by Microsoft and linked to Chinese intelligence operations – gained unauthorized access to T-Mobile’s systems in recent months. This breach allowed the group to collect an undetermined amount of customer data as part of an extended effort to monitor the communications of high-value intelligence targets.

No Evidence Of Impacts To Customer Data

In response, a T-Mobile spokesperson told Reuters via email, “T-Mobile is closely monitoring this industry-wide attack. At this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information.”

Despite this statement, there is still uncertainty over whether T-Mobile customer data, including call and communication records, was compromised.

The broader implications of the campaign are concerning. On Wednesday, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) disclosed that China-linked hackers had intercepted surveillance data intended for American law enforcement agencies after breaching the systems of multiple telecom companies.

Unauthorized Access To Systems

Earlier in October, Chinese hackers reportedly accessed networks belonging to major U.S. broadband providers, including Verizon Communications, AT&T, and Lumen Technologies. These breaches allegedly enabled unauthorized access to systems used by federal authorities for court-sanctioned wiretapping. Beijing has repeatedly denied allegations of engaging in such cyber activities.

CISA and the FBI issued a warning to the telecommunications industry this week, accusing China of orchestrating a “broad and significant cyber-espionage campaign” targeting the communications of senior U.S. officials, including presidential candidates. Their joint statement revealed that hackers associated with the People’s Republic of China (PRC) compromised telecom networks to:

  • Steal customer call record data.
  • Intercept private communications of individuals involved in government or political activities.
  • Access data subject to U.S. law enforcement requests under court orders.

The agencies pledged to provide technical support, share critical intelligence, and bolster cybersecurity across the communications sector. Companies are urged to contact the FBI or CISA if they suspect they have been targeted.

Advanced Endpoint Defense Is Crucial To Protect Customer Data

“This series of incidents underscores the critical need for companies to implement advanced endpoint defense strategies,” commented Liam Davenport, Director of Cybersecurity Enterprise Solutions, SentryBay. “Telecommunications networks are particularly vulnerable to sophisticated cyberattacks that exploit system gaps to access sensitive customer data. By leveraging robust endpoint security solutions, organizations can proactively detect and respond to threats, safeguard customer data, and maintain trust in an era of escalating cyber espionage campaigns.”

SentryBay’s Armored Client is the OEM at the heart of Citrix App Protection, and is now proven protection against infostealer malware for Microsoft AVD and W365 endpoints. The solution uses endpoint access isolation in a way that does not impact performance, and it includes keylogging and screen capture protection.