An Update on Recent Cyberattacks Targeting the US Wireless Companies
By Jeff Simon, T-Mobile Chief Security Officer
Like the entire telecommunications industry, T-Mobile has been closely monitoring ongoing reports about a series of highly coordinated cyberattacks by bad actors known as “Salt Typhoon” that are reported to be linked to Chinese state-sponsored operations. Many reports claim these bad actors have gained access to some providers’ customer information over an extended period of time – phone calls, text messages, and other sensitive information, particularly from government officials. This is not the case at T-Mobile. To clear up some misleading media reports, here is what we’re currently seeing, much of which we believe is different from what is being seen by other providers.
- Within the last few weeks, we detected attempts to infiltrate our systems by bad actors. This originated from a wireline provider’s network that was connected to ours.
- We see no instances of prior attempts like this.
- Our defenses protected our sensitive customer information, prevented any disruption of our services, and stopped the attack from advancing. Bad actors had no access to sensitive customer data (including calls, voicemails or texts).
- We quickly severed connectivity to the provider’s network as we believe it was – and may still be – compromised.
- We do not see these or other attackers in our systems at this time.
- We cannot definitively identify the attacker’s identity, whether Salt Typhoon or another similar group, but we have reported our findings to the government for assessment.
Simply put, our defenses worked as designed – from our layered network design to robust monitoring and partnerships with third-party cyber security experts and a prompt response – to prevent the attackers from advancing and, importantly, stop them from accessing sensitive customer information. Other providers may be seeing different outcomes.
We have shared what we’ve learned with industry and government leaders as we collectively work to combat these large-scale, sophisticated national threats. Last week, I had the opportunity to join a meeting at the White House with other leaders to discuss how we’re mitigating these threats. As we all have a mutual goal to protect American consumers, we felt it was important to communicate more about what we’ve seen with providers who may still be fighting these adversaries.
Prevention of Cyber Attacks
No system is immune to cybersecurity attacks. Technology companies and wireless providers like ours experience hundreds and sometimes thousands of attempted attacks of various degrees every day, so my team and I must stay vigilant. We work each day to stay ahead of what’s to come, constantly adjusting our approach as bad actors adjust theirs.
Following some incidents we experienced a few years back, we set out to undertake a major cybersecurity transformation, making a massive investment in our program and focusing on enhancing four key areas:
- Layered defenses that more effectively deter attacks, essentially a series of gates that are increasingly difficult to pass
- Proactive and more robust monitoring to detect unusual activity
- Rapid response capabilities to quickly shut down activity and mitigate impact
- Constant vigilance to stay ahead of evolving threats, promptly detect suspicious activity, and rapidly respond
We know that attackers will not stop, and neither will we, so we’ve gone even further, investing in new enhancements and bolstering measures we already had in place, such as:
- MFA or multi-factor authentication for our entire workforce; requiring FIDO2 (external devices that enable passwordless logins) where possible. MFA requires users to provide multiple forms of verification to access an account, helping prevent unauthorized access through phishing.
- Separation of our systems and networks to hinder a bad actor’s ability to move beyond the initial system that they may have compromised.
- Comprehensive logging and monitoring to rapidly alarm on and track unauthorized activity.
- Accelerated patching and hardening of systems to address any security vulnerabilities.
- More security tools to ensure laptops, servers, and network devices are connecting to approved trusted sources.
- Constant testing of our systems and advanced attacker simulations to identify security weaknesses, and offering rewards for finding potential security vulnerabilities in our systems.
Also, it’s important to mention that T-Mobile’s modern and advanced telecommunications infrastructure provides additional security advantages. Our wireless network built on standalone 5G technology offers advanced device authentication, enhanced encryption, and improved privacy protections. It tends to be newer and has more security capabilities versus older 4G systems. (You can check out more on the benefits of 5G standalone technology here.) Additionally, T-Mobile has minimal operations in wireline networks (e.g., cable, copper, or bulk fiber) and provides service almost exclusively within the U.S. This simplifies the management and security of our systems. Our consumer fiber offerings are also separate isolated networks from our wireless network infrastructure.
These are just a few examples of what we’re building and supporting, but our work is never done. Cybersecurity is a journey, not a destination.
Our Commitment
As an industry and country, we are now seeing activity from the most sophisticated cyber criminals we've ever faced, and as such, we can't make any promises with absolute certainty. But I can tell you that our commitment to our customers is clear: T-Mobile will work tirelessly to keep customer information secure, safeguarding our network, responding swiftly to threats, and investing in security. We are humbled by the trust our customers place in us, and we do not take this responsibility lightly.