T-Mobile successfully defended against a sophisticated cyber attack orchestrated by “Salt Typhoon,” a Chinese state-sponsored hacking group operating under various aliases including Earth Estries and Ghost Emperor.
The telecommunications giant detected and blocked an intrusion attempt that began through compromised routers of a connected wireline provider. Unlike recent breaches at other major U.S. telecom companies, T-Mobile reports that no customer data was compromised during the incident.
Chief Security Officer Jeff Simon confirmed that the company’s cyber defenses effectively prevented unauthorized access to sensitive information, maintained service continuity, and blocked the attackers from moving laterally through their network. T-Mobile promptly severed connections with the compromised provider and shared their findings with government and industry partners.
This attack was part of a broader campaign targeting major U.S. telecommunications providers, including AT&T, Verizon, and Lumen Technologies. Federal agencies revealed that in other successful breaches, the attackers accessed government officials’ private communications, customer call records, law enforcement request data, and U.S. government wiretapping platforms.
This incident underscores the persistent threats faced by telecommunications providers from state-sponsored actors targeting critical infrastructure, while highlighting the importance of robust cybersecurity measures.