Chinese hackers use T-Mobile and other US telecommunications systems for larger espionage campaign

The giant US telecommunications company T-Mobile has confirmed that it is among the companies targeted by Chinese threat actors seeking access to valuable information. The adversaries, tracked as Salt Typhoon, compromised the company as part of a months-long campaign aimed at intercepting the mobile phone communications of high-value targets.

Salt Typhoon, also known as Earth Estries, exploited vulnerabilities and deployed sophisticated backdoors to obtain sensitive data. While it remains unclear what specific information was compromised, a full investigation will allow the U.S. government to learn how deep this attack went.

"T-Mobile is closely monitoring this industry-wide attack and at this time none of our systems or data have been significantly impacted," a company spokesperson said. "We continue to work closely with industry peers and the appropriate authorities."

Numerous telecommunications companies are affected

According to reports, the campaign is not limited to T-Mobile: other major telecommunications companies, including AT&T and Verizon, have also been targeted by the ongoing espionage operation. The same reports give no clear indication yet of how successful the attackers actually were or whether they installed malware.

US government warns of growing threat

The US government announced that the attacks were orchestrated by the People's Republic of China and pose a "massive and significant" threat. These attacks aim to steal data from telecommunications providers, including call data of government and political figures.

Techniques and Tools of the Salt Typhoon Attack

Threat actors use a sophisticated combination of tools and techniques to evade defensive mechanisms and maintain access to their targets. These methods include the use of legitimate tools such as cURL for data exfiltration, as well as custom malware such as TrillClient and backdoors such as Crowdoor.

The intrusions typically began with the attackers exploiting vulnerabilities in internet-facing systems or abusing remote management services such as Microsoft Exchange. By installing web shells such as China Chopper and using Cobalt Strike, they were able to collect and exfiltrate extensive data.

This multi-stage attack is particularly dangerous because its sophisticated, continuously updated backdoors make it increasingly difficult to detect.
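As an added illustration of the defender's side of the techniques described above, the following script (example code written for this article, not tooling from T-Mobile or any investigating agency) scans constructed IIS-style Exchange access-log lines for the trace a web shell leaves behind: repeated POST requests to a script endpoint outside the server's known baseline, including a large upload from a command-line client such as cURL. The log field order, the endpoint baseline, the file path and every address are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed IIS-style W3C log lines (not real telemetry). Assumed field order:
# date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-bytes cs-bytes
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-bytes cs-bytes
2024-11-15 10:01:02 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.7 Mozilla/5.0 200 5120 310
2024-11-15 10:02:30 10.0.0.5 POST /ecp/default.aspx - 443 admin 198.51.100.4 Mozilla/5.0 200 900 700
2024-11-15 10:03:09 10.0.0.5 POST /owa/auth/themes/help.aspx - 443 - 203.0.113.7 Mozilla/5.0 200 240 4100
2024-11-15 10:03:11 10.0.0.5 POST /owa/auth/themes/help.aspx - 443 - 203.0.113.7 Mozilla/5.0 200 240 3900
2024-11-15 10:03:20 10.0.0.5 POST /owa/auth/themes/help.aspx - 443 - 203.0.113.7 curl/8.4.0 200 120 7340032
"""

# Assumed baseline: script endpoints that legitimately receive POSTs on this host.
KNOWN_POST_ENDPOINTS = {"/owa/auth.owa", "/ecp/default.aspx"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\d+) (\d+) (\d+)$")

def parse_line(line):
    """Return the fields we care about, or None for comment, blank or malformed lines."""
    if not line or line.startswith("#"):
        return None
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"method": m.group(4), "path": m.group(5).lower(), "client": m.group(9),
            "agent": m.group(10), "status": int(m.group(11)), "req_bytes": int(m.group(13))}

def find_webshell_candidates(log_text, min_hits=2, upload_threshold=1_000_000):
    """Flag (client, path) pairs that POST repeatedly to a script endpoint outside the baseline.
    Large request bodies are counted separately: a shell receiving commands or files to stage."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["method"] != "POST":
            continue
        if not rec["path"].endswith((".aspx", ".ashx", ".asmx")) or rec["path"] in KNOWN_POST_ENDPOINTS:
            continue
        hits[(rec["client"], rec["path"])].append(rec)
    findings = []
    for (client, path), recs in sorted(hits.items()):
        if len(recs) >= min_hits:
            findings.append({"client": client, "path": path, "posts": len(recs),
                             "agents": sorted({r["agent"] for r in recs}),
                             "large_uploads": sum(1 for r in recs if r["req_bytes"] >= upload_threshold)})
    return findings

if __name__ == "__main__":
    for finding in find_webshell_candidates(SAMPLE_LOG):
        print(finding)
```

In production the baseline would be built from a clean host's own endpoint inventory, and the threshold tuned to the server's normal upload sizes.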
