Chinese hackers breached T-Mobile’s routers to scope out network

T-Mobile says the Chinese “Salt Typhoon” hackers who recently compromised its systems as part of a series of telecom breaches first hacked into some of its routers to explore ways to navigate laterally through the network.

However, the company says its engineers blocked the threat actors before they could spread further on the network and access customer information.

Also tracked as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286, this Chinese state-sponsored threat group has been active since at least 2019 and typically focuses on breaching government entities and telecommunications companies in Southeast Asia.

Jeff Simon, the company’s Chief Security Officer, shared in a blog post published on Wednesday that the threat actors’ attack—originating from a connected wireline provider’s network—was stopped by T-Mobile’s cyber defenses, including proactive monitoring and network segmentation.

The company discovered the breach after detecting suspicious behavior on some of its routers, including commands usually used in the reconnaissance stage of cyberattacks and commands matching indicators of compromise previously linked to Salt Typhoon, as Simon told Bloomberg.

“Many reports claim these bad actors have gained access to some providers’ customer information over an extended period of time – phone calls, text messages, and other sensitive information, particularly from government officials. This is not the case at T-Mobile,” Simon said.

“Our defenses protected our sensitive customer information, prevented any disruption of our services, and stopped the attack from advancing. Bad actors had no access to sensitive customer data (including calls, voicemails, or texts).

“We quickly severed connectivity to the provider’s network as we believe it was – and may still be – compromised.”

T-Mobile’s CSO added that the company no longer sees any attackers active within its network and has shared its findings with the government and industry partners.

Breached in recent Salt Typhoon telecom attacks

T-Mobile’s statement from today follows the company’s announcement two weeks ago that its systems were compromised in a recent wave of Salt Typhoon telecom breaches.

CISA and the FBI confirmed the breaches in late October following reports that the Chinese threat group breached multiple broadband providers, including AT&T, Verizon, and Lumen Technologies.

The two federal agencies later revealed that the…

Original article: BleepingComputer