T-Mobile engineers caught Chinese hackers attacking its routers

1comment
A giant "T" icon in magenta, belonging to T-Mobile, is seen near a T-Mobile Store.
Earlier this month, we told you that the Chinese hacking organization Salt Typhoon was able to hack into wiretap systems run by companies such as T-Mobile, AT&T, Verizon, and Lumen Technologies. Salt Typhoon apparently was interested in discovering what conversations U.S. telecom firms were obtaining for the U.S. government. On November 17th, T-Mobile released a statement stating that it had no evidence that its wiretap system was attacked.

This morning, a report from Bloomberg states that T-Mobile engineers spotted suspicious behavior on the carrier's network devices that tipped off the carrier that it was under attack. Jeff Simon, T-Mobile's chief security officer, told Bloomberg News that while the actions spotted were not "inherently malicious," they were still unusual enough to tip off the company's network engineers leading them to dig deeper into the activities.

Some of these activities included unauthorized users running commands on network devices. T-Mobile engineers surmised that the hackers were probing the network' structure, according to Simon. Before they got deeper into the network or accessed customer data, T-Mobile kicked the hackers off of its network. U.S. officials have accused the hackers, believed to be sponsored by the Chinese government, of running a campaign to break into the systems of U.S. telecom firms including some of T-Mobile's rivals.


For months, the Chinese hackers were able to access information related to people who were under lawful surveillance by the U.S. According to two sources familiar with the matter, the hacking operation might have helped expose U.S. plans to track down foreign agents. The hackers also were able to listen to communications involving what the FBI called "a limited number" of people in government and politics. That list included President-Elect Donald Trump, Vice President-Elect JD Vance, and members of Vice President Kamala Harris' staff.

Because T-Mobile is the only U.S. carrier currently using a standalone 5G network, the carrier believes that it was less exposed to the hacking group. Such a network bypasses older networking gear used during the 2G, 3G, and 4G eras such as copper networks and cable. Standalone 5G networks use advanced encryption and privacy technologies and also employ newer equipment.

T-Mobile has said that the hack originated from a wireline belonging to a non-wireless firm that connected to T-Mobile's network. T-Mobile's Simon said that the industry has been sharing more information recently in an attempt to fight back against Salt Typhoon. One T-Mobile rival getting a shout-out is the country's largest carrier, Verizon. Simon said that the latter has been, "a standout partner in sharing intelligence with the rest of the community."
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Build your personal phone library
Register For Free

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless