Chinese State-Sponsored ‘Salt Typhoon’ Hackers Also Breached T-Mobile

T-Mobile was also targeted by Chinese hackers alongside AT&T or Verizon, The Wall Street Journal reported Friday. Salt Typhoon—the name Microsoft assigned to a hacking group it linked to Chinese intelligence operations—breached T-Mobile’s systems in recent months and obtained access to an unknown amount of customer data.

Citing “people familiar with the matter,” the WSJ describes a sequel to the Salt Typhoon attacks on AT&T, Verizon, and other telecom carriers that it reported on in early October. This campaign relied on advanced techniques to penetrate these firms’ systems for months and then compromise information, including calling metadata and the contents of unencrypted text messages.

An attacker could use the times and phone numbers of calls—the records that AT&T lost in a massive data breach uncovered in July—for a variety of impersonation and spoofing attacks. 

As for texts, almost all messages sent between iPhones should be encrypted end-to-end by Apple’s iMessage system, and Google’s implementation of the RCS standard has brought end-to-end encryption to most Android-to-Android messaging. But messages between Android phones and iPhones were sent in the clear until Apple shipped iOS 18 in September, which added support for RCS and provided for encryption in transit for cross-platform chats.

T-Mobile provided PCMag with a statement acknowledging what it called “this industry-wide attack” but not confirming any compromise of customer records.

“Due to our security controls, network structure and diligent monitoring and response we have seen no significant impacts to T-Mobile systems or data,” the statement said. “We have no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced.”

The statement concluded: “We will continue to monitor this closely, working with industry peers and the relevant authorities.”

Salt Typhoon hackers have also targeted systems maintained by telecom carriers to aid in court-ordered wiretapping, which led Sen. Ron Wyden (D-OR) to ask government regulators to impose security standards on the surveillance systems that carriers have built to comply with the Communications Assistance for Law Enforcement Act.

The New York Times reported in late October that Chinese hackers had also targeted specific phones—including President-elect Donald Trump’s own phone and that of the next vice president, Sen. JD Vance (R-OH).  

On Wednesday, the FBI and the Cybersecurity and Infrastructure Security Agency posted a joint statement that confirmed the broad outlines of these attacks as well as an ongoing investigation into them and said the two agencies continued to “work to strengthen cyber defenses across the commercial communications sector.”

Editors’ note: We updated this post after publication with a more detailed statement from T-Mobile.

About Rob Pegoraro

Contributor

Rob Pegoraro writes about interesting problems and possibilities in computers, gadgets, apps, services, telecom, and other things that beep or blink. He’s covered such developments as the evolution of the cell phone from 1G to 5G, the fall and rise of Apple, Google’s growth from obscure Yahoo rival to verb status, and the transformation of social media from CompuServe forums to Facebook’s billions of users. Pegoraro has met most of the founders of the internet and once received a single-word email reply from Steve Jobs.

Read Rob’s full bio

Read the latest from Rob Pegoraro