T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes'
(2024/11/27)
- Reference: 1732741153
- News link: https://www.theregister.co.uk/2024/11/27/tmobile_cyberattack_victory_lap/
- Source link:
Attackers - possibly China's Salt Typhoon cyber-espionage crew - compromised an unnamed wireline provider's network and used this access to try to break into T-Mobile US systems multiple times over the past few weeks, according to its Chief Security Officer Jeff Simon.
Simon was among the telecom execs who [1]met White House officials last week to discuss the recent spate of Chinese intrusions into telecoms networks.
Today, the un-carrier's security boss took a victory lap around his fellow operators, and detailed how T-Mo [2]thwarted the attacks from advancing and disrupting services.
[3]
Salt Typhoon compromised "multiple" US telcos in its extensive snooping campaign, and this allegedly included [4]Verizon, AT&T, and Lumen Technologies , although all three have thus far declined to comment.
[5]
[6]
According to the Feds, the crew [7]compromised systems used for performing communications wiretapping for law enforcement, and stole customers' call records, phone calls, and texts - including private communications between government officials - during this espionage endeavor. However, "this is not the case at T-Mobile," Simon [8]said in a write-up.
[9]T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears
[10]China has utterly pwned 'thousands and thousands' of devices at US telcos
[11]Chinese cyberspies reportedly breached Verizon, AT&T, Lumen
[12]Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'
The attackers (T-Mob can't definitely attribute these to Salt Typhoon) did not access any sensitive customer data, such as calls, voicemail messages, and texts, he added.
While the carrier did detect "attempts to infiltrate our systems by bad actors," according to Simon, "we quickly severed connectivity to the [wireline] provider's network as we believe it was – and may still be – compromised."
T-Mobile US hasn't seen any previous attempts like this, and as of now, the miscreants appear to have been kicked out of the mobile carrier's network, we're told.
[13]
"Simply put, our defenses worked as designed," Simon said. "Other providers may be seeing different outcomes."
It's a welcome reverse course for T-Mo, which has had its security breached [14]at least seven times since 2018. In September, the telco [15]agreed to fork out $31.5 million to improve its cybersecurity and pay a civil penalty after a series of network intrusions affected tens of millions of customers.
It would appear at least that the improved infosec program is already starting to pay off. ®
Get our [16]Tech Resources
[1] https://www.theregister.com/2024/11/25/salt_typhoon_mark_warner_warning/
[2] https://www.theregister.com/2024/11/18/tmobile_us_attack_salt_typhoon/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0ekixeb0I4Tip_FruABIgAAAAY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0ekixeb0I4Tip_FruABIgAAAAY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0ekixeb0I4Tip_FruABIgAAAAY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/
[8] https://www.t-mobile.com/news/un-carrier/update-cyberattacks-targeting-us-wireless-companies
[9] https://www.theregister.com/2024/11/18/tmobile_us_attack_salt_typhoon/
[10] https://www.theregister.com/2024/11/25/salt_typhoon_mark_warner_warning/
[11] https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/
[12] https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/
[13] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0ekixeb0I4Tip_FruABIgAAAAY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[14] https://www.theregister.com/2023/05/08/in_brief_security/
[15] https://www.theregister.com/2024/09/30/tmobile_data_breaches_settlement/
[16] https://whitepapers.theregister.com/
Simon was among the telecom execs who [1]met White House officials last week to discuss the recent spate of Chinese intrusions into telecoms networks.
Today, the un-carrier's security boss took a victory lap around his fellow operators, and detailed how T-Mo [2]thwarted the attacks from advancing and disrupting services.
[3]
Salt Typhoon compromised "multiple" US telcos in its extensive snooping campaign, and this allegedly included [4]Verizon, AT&T, and Lumen Technologies , although all three have thus far declined to comment.
[5]
[6]
According to the Feds, the crew [7]compromised systems used for performing communications wiretapping for law enforcement, and stole customers' call records, phone calls, and texts - including private communications between government officials - during this espionage endeavor. However, "this is not the case at T-Mobile," Simon [8]said in a write-up.
[9]T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears
[10]China has utterly pwned 'thousands and thousands' of devices at US telcos
[11]Chinese cyberspies reportedly breached Verizon, AT&T, Lumen
[12]Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'
The attackers (T-Mob can't definitely attribute these to Salt Typhoon) did not access any sensitive customer data, such as calls, voicemail messages, and texts, he added.
While the carrier did detect "attempts to infiltrate our systems by bad actors," according to Simon, "we quickly severed connectivity to the [wireline] provider's network as we believe it was – and may still be – compromised."
T-Mobile US hasn't seen any previous attempts like this, and as of now, the miscreants appear to have been kicked out of the mobile carrier's network, we're told.
[13]
"Simply put, our defenses worked as designed," Simon said. "Other providers may be seeing different outcomes."
It's a welcome reverse course for T-Mo, which has had its security breached [14]at least seven times since 2018. In September, the telco [15]agreed to fork out $31.5 million to improve its cybersecurity and pay a civil penalty after a series of network intrusions affected tens of millions of customers.
It would appear at least that the improved infosec program is already starting to pay off. ®
Get our [16]Tech Resources
[1] https://www.theregister.com/2024/11/25/salt_typhoon_mark_warner_warning/
[2] https://www.theregister.com/2024/11/18/tmobile_us_attack_salt_typhoon/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0ekixeb0I4Tip_FruABIgAAAAY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0ekixeb0I4Tip_FruABIgAAAAY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0ekixeb0I4Tip_FruABIgAAAAY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/
[8] https://www.t-mobile.com/news/un-carrier/update-cyberattacks-targeting-us-wireless-companies
[9] https://www.theregister.com/2024/11/18/tmobile_us_attack_salt_typhoon/
[10] https://www.theregister.com/2024/11/25/salt_typhoon_mark_warner_warning/
[11] https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/
[12] https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/
[13] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cso&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0ekixeb0I4Tip_FruABIgAAAAY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[14] https://www.theregister.com/2023/05/08/in_brief_security/
[15] https://www.theregister.com/2024/09/30/tmobile_data_breaches_settlement/
[16] https://whitepapers.theregister.com/
Tempting fate
Aleph0
Eh I don't know, but bragging like this could be seen by some as a challenge...
Reminds me of the Discworld method of committing suicide by walking into the Mended Drum tavern and announcing your name as ' [1]Vincent the Invulnerable ' or any such nonsense.
Icon: GNU PTerry
[1] https://wiki.lspace.org/Vincent_the_Invulnerable
"... the crew compromised systems used for performing communications wiretapping for law enforcement..."
Wow, didn't see that coming! Who would've thought that a built-in back door could be exploited?