T-Mobile Joins List Of ISPs Hacked By China-Linked Group: Report

The hacking campaign by a threat actor tracked as Salt Typhoon has also impacted Verizon and AT&T, according to reports.

The major hacking operation by a China-linked threat actor targeting internet service providers is now known to have impacted T-Mobile, according to a report.

The Wall Street Journal reported Friday that T-Mobile has joined the list of telecommunications providers affected in the attacks by a threat group tracked as Salt Typhoon, which has been connected to the Chinese government. Prior reports by the WSJ had identified Verizon and AT&T among the impacted ISPs in the cyber-espionage campaign.

The WSJ report indicated it’s not clear whether T-Mobile customer records were compromised in the breach, which may have lasted for several months.

In a statement, T-Mobile said that it is “closely monitoring this industry-wide attack.”

“Due to our security controls, network structure and diligent monitoring and response we have seen no significant impacts to T-Mobile systems or data,” the company said in the statement. “We have no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced."

The WSJ report follows the recent disclosure that some government officials saw their communications compromised in connection with the Salt Typhoon hacking operation.

“The US government's continued investigation into the People's Republic of China (PRC) targeting of commercial telecommunications infrastructure has revealed a broad and significant cyber espionage campaign,” the FBI and CISA (Cybersecurity and Infrastructure Security Agency) said in a joint statement on Nov. 13.

The FBI and CISA said in the statement that they had “identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies,” though the impacted telecoms were not identified.

The hack did compromise some customer call records and also involved copying “certain information that was subject to U.S. law enforcement requests pursuant to court orders,” the statement said.

Notably, the campaign’s activities included “the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity,” the statement from the FBI and CISA said.

The WSJ report also follows a recent settlement between T-Mobile and the Federal Communications Commission (FCC) over a series of four breaches from 2021 to 2023.

The settlement announced in September has required T-Mobile to pay a total of $31.5 million, which includes both a fine and an investment into cybersecurity, while adopting numerous security measures including a “modern” zero trust architecture.