T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears

Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon


T-Mobile US said it is "monitoring" an "industry-wide" cyber-espionage campaign against American networks – amid fears Chinese government-backed spies compromised the un-carrier along with various other telecommunications providers.

On Friday, the Wall Street Journal reported T-Mo was among those hit in a months-long effort by the Chinese to snoop on high-value intelligence targets via their cellphone communications. China's Salt Typhoon team broke into Verizon, AT&T, and Lumen Technologies, among others, it is reported.

A T-Mobile US spokesperson on Monday neither confirmed nor denied that it too had fallen victim to Salt Typhoon, telling The Register simply: "T-Mobile is closely monitoring this industry-wide attack." Can we take that as a yes?

The telecoms giant has seen "no significant impacts to T-Mobile systems or data," the spokesperson told us. "We have no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced. We will continue to monitor this closely, working with industry peers and the relevant authorities."

T-Mo's disclosure comes less than a week after the FBI and the US govt's Cybersecurity and Infrastructure Security Agency (CISA) confirmed "a broad and significant cyber espionage campaign" had been conducted by Beijing-linked snoops against "multiple" telecommunications providers' networks.

While the official statement from the Feds did not specifically name the People's Republic of China spy crew, an email from the FBI to The Register said the security advisory was the government agencies' statement on Salt Typhoon.

The FBI and CISA noted that the cyber-attacks on the telecoms providers resulted in the "theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders."

Previous reports suggested that the Chinese snoops, after breaking into the telcos' networks, accessed the wiretapping backdoor-like systems used for court-ordered surveillance and targeted phones belonging to people affiliated with US Democratic presidential candidate Kamala Harris, as well as Republican president-elect Donald Trump and VP-elect JD Vance.

T-Mobile US, which has been breached at least seven times since 2018, in September agreed to pay $31.5 million to improve its cybersecurity and pay a civil penalty after a series of network intrusions affected millions of customers. 

This amount included a legal settlement with the FCC, requiring the carrier to pay $15.75 million as a civil penalty to the US Treasury. T-Mo will also spend $15.75 million over the next two years to beef up its infosec program.

Updated to add at 2300 UTC on November 20, 2024

T-Mobile's oddly worded statement about the suspected Salt Typhoon "industry-wide attack" now makes a whole lot more sense.

Unnamed sources told Bloomberg that the carrier contained the security breach before the alleged Chinese cyberspies got to customers' phones. These sources said intruders compromised "edge-routing infrastructure and gained unauthorized access to a limited number of devices, including a T-Mobile-owned-and-operated router."

The telecommunications firm, however, spotted and booted the spies before they could do any real damage to T-Mobile systems, data, or customers' devices, according to the news report.
