Back in October, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) acknowledged that they were investigating “unauthorized access to commercial telecommunications infrastructure by an actor affiliated with the People’s Republic of China.” Collectively known as the “Salt Typhoons,” these bad actors allegedly targeted U.S. officials and staff in the run-up to the recently concluded presidential election. But days later, the Wall Street Journal reported that the group had reached far more people than originally thought. Essentially, the hackers may have been able to access the data of American customers of AT&T and Verizon. According to a new report from The Journal and Reuters, Salt Typhoon also infiltrated T-Mobile’s network, making the list of carriers just a little bit longer.
The hackers are believed to have exploited a variety of vulnerabilities to break into carrier networks, including one plaguing Cisco Systems routers. They also used AI and machine learning, and stayed on some of the systems they compromised for more than eight months, the magazine said. That’s enough time to lose a lot of sensitive data. They allegedly had access to the phone lines of senior U.S. national security officials, as well as the targets’ call records and unencrypted texts. The hackers also reportedly had access to information collected by carriers in response to surveillance requests from U.S. authorities.
A company spokesperson told the Journal that T-Mobile is “closely monitoring” the attack and that its systems and data “have not been materially impacted.” The carrier also said it had found no evidence that customer information was compromised in the security breach.
