The Salt Typhoon cyberattack allegedly targeted US wiretap systems that monitor conversations surreptitiously. Apparently, the government-linked Chinese group wanted to access information that telecommunication companies collect for the US government.
It has only now come to light that T-Mobile was also a victim. Hackers backed by a Chinese intelligence agency successfully targeted T-Mobile during a monthslong operation to eavesdrop on the cellphone communications of high-value intelligence targets.
It’s not clear what data was taken in the breach, and it hasn’t been confirmed whether the hackers were able to obtain call and communications records of T-Mobile customers. A T-Mobile spokeswoman said that the attack did not significantly impact the company.
“T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information. We will continue to monitor this closely, working with industry peers and the relevant authorities.”
T-Mobile spokeswoman, November 2024
Salt Typhoon reportedly exploited vulnerabilities such as router and switch flaws to penetrate telecom infrastructure and is believed to have used artificial intelligence and machine learning to enhance its operations. It was able to maintain its access to parts of the infrastructure for eight months or longer.
As part of the wider campaign, the cybercriminals accessed cellphone lines used by top-ranking government officials and politicians. The access allowed them to view call logs, unencrypted text messages and some audio from victims. This means that the hacker group was able to find out who someone talked to and when, the frequency of contacts, and possibly location data.
Apparently, the hackers had the ability to access data on any US citizen, but they probably only went after counterintelligence targets.
The China-led hacking campaign highlights how legally mandated back doors could give cybercriminals access points into critical systems. It also shows that American telecom companies are highly vulnerable to attacks.