T-Mobile Caught Hackers Early, Averting Data Leak

November 20, 2024 by

T-Mobile US Inc. was able to contain a recent network breach before it reached customers’ phones, according to people familiar with the matter.

Hackers accessed edge-routing infrastructure and gained unauthorized access to a limited number of devices, including a T-Mobile-owned-and-operated router, according to the people, who asked not to be identified discussing nonpublic information. When T-Mobile detected the suspicious activity, it booted the hackers from its systems.

The company detected reconnaissance activity aimed at reaching deeper layers of the network, but customer data wasn’t accessed because T-Mobile caught the intrusion at such an early stage, the people said.

T-Mobile knows where the intruders entered its network and is highly confident the method used for access is gone, the people said.

The attack shared some characteristics with intrusions by Salt Typhoon, a Chinese hacking group that has targeted U.S. telecommunications networks in recent weeks. T-Mobile hasn’t identified the responsible party. The people couldn’t identify the hackers and didn’t say when the intrusion took place.

US officials said last week that Chinese state-sponsored hackers perpetrated a “broad and significant cyber-espionage campaign” in which they breached multiple telecommunications companies to steal customer call records and compromise communications belonging to a “limited number” of people in government and politics.

The hackers targeted Vice President Kamala Harris’ staff, President-elect Donald Trump and Vice President-elect JD Vance, as well as staffers for Senate Majority Leader Chuck Schumer, according to Missouri Republican Senator Josh Hawley.

“To the extent we know, they were successful perhaps in garnering at least some of the communications of these individuals and their staff,” Hawley said at a hearing Tuesday.

China has denied the allegations, with Foreign Ministry spokesman Lin Jian saying last week that his nation had “no interest in interfering in other countries’ internal affairs through cyberspace.”

“We also oppose spreading China-related disinformation due to political agenda,” he said at a regular press briefing in Beijing.

The Wall Street Journal reported on Nov. 15 that Bellevue, Washington-based T-Mobile’s systems were among those hacked. The newspaper previously reported that AT&T Inc., Verizon Communications Inc. and Lumen Technologies Inc. were among those targeted in the Salt Typhoon campaign.

A day later, a T-Mobile spokesperson confirmed that the company was among those breached by Chinese hackers.

“We have not seen significant impacts to T-Mobile systems or data, and have no evidence of impacts to or exfiltration of any customer information,” the company said in an email.

Cisco Systems Inc. routers were involved in the breaches at AT&T, according to a person familiar with the matter. The attackers manipulated settings to siphon off the information they wanted, the person said. Most of the activity the carrier has found is on the routers, but the networks are so large that it’s not clear whether all the activity has been detected.

A Cisco spokesperson didn’t immediately respond to a request for comment.

In their statement released last week, U.S. officials said it was possible more victims would emerge. They didn’t identify the affected telecommunications companies.

Top photo: A T-Mobile store in New York, US, on Monday, Oct. 21, 2024. T-Mobile US Inc. is scheduled to release earnings figures on October 23.