T-Mobile US Takes A Victory Lap After Stopping Cyberattacks: 'Other Providers May Be Seeing Different Outcomes'

Attackers - possibly China's Salt Typhoon cyber-espionage crew - compromised an unnamed wireline provider's network and used this access to try to break into T-Mobile US systems multiple times over the past few weeks, according to its Chief Security Officer Jeff Simon. 

Simon was among the telecom execs who met White House officials last week to discuss the recent spate of Chinese intrusions into telecoms networks.

Today, the un-carrier's security boss took a victory lap around his fellow operators, and detailed how T-Mo thwarted the attacks from advancing and disrupting services. 

Salt Typhoon compromised "multiple" US telcos in its extensive snooping campaign, and this allegedly included Verizon, AT&T, and Lumen Technologies, although all three have thus far declined to comment.

According to the Feds, the crew compromised systems used for performing communications wiretapping for law enforcement, and stole customers' call records, phone calls, and texts - including private communications between government officials - during this espionage endeavor. However, "this is not the case at T-Mobile," Simon said in a write-up. 

• T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears
• China has utterly pwned 'thousands and thousands' of devices at US telcos
• Chinese cyberspies reportedly breached Verizon, AT&T, Lumen
• Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'

The attackers (T-Mob can't definitely attribute these to Salt Typhoon) did not access any sensitive customer data, such as calls, voicemail messages, and texts, he added.

While the carrier did detect "attempts to infiltrate our systems by bad actors," according to Simon, "we quickly severed connectivity to the [wireline] provider's network as we believe it was – and may still be – compromised." 

T-Mobile US hasn't seen any previous attempts like this, and as of now, the miscreants appear to have been kicked out of the mobile carrier's network, we're told.

"Simply put, our defenses worked as designed," Simon said. "Other providers may be seeing different outcomes."

It's a welcome reverse course for T-Mo, which has had its security breached at least seven times since 2018. In September, the telco agreed to fork out $31.5 million to improve its cybersecurity and pay a civil penalty after a series of network intrusions affected tens of millions of customers. 

It would appear at least that the improved infosec program is already starting to pay off. ®