T-Mobile has confirmed that it was targeted in a cyberattack, part of a series of recent breaches affecting the telecommunications sector. The attacks are believed to have been carried out by Chinese state-sponsored hackers aiming to gain access to private communications, call records, and sensitive law enforcement data.
The hacking group, known as Salt Typhoon and also referred to as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286, has been active since at least 2019. Their operations have typically focused on government organisations and telecommunications companies, particularly in Southeast Asia.
In response to the breach, T-Mobile reassured its customers that there was no evidence of significant impacts on its systems or data. The company stated that no customer information had been accessed or exfiltrated, attributing this to its robust security measures and continuous monitoring efforts. T-Mobile emphasised its commitment to protecting its customers and is working closely with industry peers and authorities to monitor the situation.
The attack on T-Mobile forms part of a larger campaign that has also affected major US telecom providers, including AT&T, Verizon, and Lumen.
Reports suggest that the hacking group specifically targeted the mobile lines of senior US government officials, aiming to steal call logs, text messages, and audio communications. Additionally, data linked to law enforcement requests submitted to these companies was compromised.
A joint statement from the FBI and CISA said that the attackers exploited vulnerabilities in Cisco routers to infiltrate networks. However, Cisco has denied that there is any evidence its equipment was directly breached during the attacks. Investigations into the breaches are ongoing, with authorities expecting to uncover further details in the coming weeks.
This incident marks the ninth breach T-Mobile has faced since 2019. Previous incidents include the exposure of prepaid customer account details in 2019, breaches targeting employee and customer data in 2020, and unauthorised access to internal systems in 2021. In 2022, the Lapsus$ extortion group infiltrated the company’s network, and in 2023, hackers exploited a vulnerable API to compromise the personal information of 37 million customers.
The repeated targeting of telecommunications companies highlights the escalating threat from state-sponsored hacking groups. With sensitive data at stake, organisations like T-Mobile are under pressure to strengthen their cyber defences. As the investigation continues, collaboration between government agencies and industry leaders will remain essential in countering these sophisticated cyber threats.