Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree

  /     /     /  
Publicated : 23/11/2024   Category : security


Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree


The company says no sensitive data was stolen, but federal agencies claim otherwise. CISA and FBI sources said attackers accessed all records of specific customers and the private communications of targeted individuals.



T-Mobile USA is the latest telecommunications provider to acknowledge its been targeted by the Chinese advanced persistent threat (APT) known as Salt Typhoon, as part of a widescale and unsettling cyber-espionage operation
that hacked
numerous US and international telecommunications companies aiming to steal sensitive information.
The second-largest wireless carrier in the US is currently investigating and monitoring a cyberattack consistent with the
recent activities of the Chinese state-sponsored cyber actor
, a company spokesperson told Dark Reading late on Nov. 18 in a statement.
However, so far, the company has had no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced, according to T-Mobile. Moreover, there have been no significant impacts to T-Mobile systems or data, the company said. T-Mobile, based in Bellevue, Wash., has more than 127.5 million US subscribers.
However, T-Mobiles account differs from reports in which federal agencies said that there is evidence that the threat actor gained access to sensitive data, according to a
published report
in the Wall Street Journal that cited sources from the FBI and Cybersecurity and Infrastructure Security Agency (CISA).
According to those agencies, Salt Typhoon
accessed
call records of specific customers, private communications of targeted individuals, and information about law enforcement surveillance requests in an effort to gather intelligence on high-ranking US national security and policy officials, the report said.
All in all, the wave of recent attacks by Salt Typhoon that have rocked
telecom providers
both at home
and abroad
— including AT&T, Verizon, and Lumen Technologies — is unnerving, says one industry expert.
No one is pleased with the idea that the
Chinese government
has access to information about us from our cellphones, one of the more intimate devices used in our daily life, says Jim Routh, former CISO at Aetna, American Express, and CVS and currently chief trust officer at security firm Saviynt. The practical reality is that this incident does little to change the risk of a significant impact to US consumers.
As T-Mobile is not yet acknowledging that data was even stolen, let alone what type of data, the full impact of the attack wont be known for some time, Paul Bischoff, consumer privacy advocate at Comparitech, notes. That said, there is a chance its not as serious as some fear depending on what is revealed, he observes.
Metadata like call times and participants, although concerning, is not nearly as scary as state-sponsored threat actors stealing texts and audio messages, Bischoff says.
Still, the national security implications of Chinese threat actors rooting around in the personal data of mobile device users, and then using that data to island hop into a myriad of government agencies and critical infrastructures … are profound, observes another security expert, Tom Kellermann, senior vice president of cyber strategy at Contrast Security.
This is the third telecom provider compromised by [China] in the last 12 months, Kellermann says. The systematic campaign of infiltration will take months to root out.
Indeed, experts have surmised that the idea behind Salt Typhoons wave of attacks is to leverage the useful information that can be gleaned from peoples personal communications to launch further malicious activity and/or potentially disrupt communications to further Chinas interests in its political and economic conflict with the US.
We can expect to see
additional attacks
by this group in the coming months, as [it] works to access the phone lines and records of national security officials and politicians, notes Chris Hauk, consumer privacy champion at Pixel Privacy.
The incidents are certainly a rude awakening for telecommunications and other critical infrastructure providers, and demonstrate just how vulnerable they are to compromise by organized cybercriminal groups, experts say. Indeed, T-Mobile itself doesnt have the best track record in cybersecurity, Bischoff notes, as just last month the mobile carrier paid a
$31.5 million settlement
to resolve multiple data breaches that took place over three years.
The threat of imminent further attacks by Salt Typhoon demand that telecom providers act fast to shore up cybersecurity efforts. We can expect to continue to see attacks like this, as well as traditional ransomware attacks, Hauk notes, as
state actors continue to wage a cyberwar against the United States
and its vulnerable infrastructure.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree