US telecommunications giant T-Mobile has confirmed that it is among the companies targeted by Chinese threat actors seeking access to valuable information. The adversaries, tracked as Salt Typhoon, compromised the company as part of a months-long campaign aimed at intercepting mobile phone communications of high-value targets.
Salt Typhoon, also known as Earth Estries, exploited vulnerabilities and used sophisticated backdoors to obtain sensitive data. While it remains unclear what specific information was compromised, a full investigation will allow the U.S. government to learn how deep this attack went.
"T-Mobile is closely monitoring this industry-wide attack and at this time none of our systems or data have been significantly impacted," a company spokesperson said. "We continue to work closely with industry peers and the appropriate authorities."
According to reports, the attack affects not only T-Mobile but also other major telecommunications companies such as AT&T and Verizon, which have also been targeted by the ongoing espionage campaign. However, the reporting gives no clear indication yet of how successful the attackers actually were or whether they installed malware.
The US government announced that the attacks were orchestrated by the People's Republic of China and pose a "massive and significant" threat. These attacks aim to steal data from telecommunications providers, including call data of government and political figures.
The threat actors use a sophisticated combination of tools and techniques to evade defensive mechanisms and maintain access to their targets. These methods include the use of legitimate tools such as cURL for data exfiltration, as well as custom malware such as TrillClient and backdoors such as Crowdoor.
The attack often began with attackers exploiting vulnerabilities in external systems or abusing remote management services such as Microsoft Exchange. By installing web shells such as China Chopper and using Cobalt Strike, they were able to collect and exfiltrate extensive data.
This multi-stage attack poses a huge threat as it becomes increasingly difficult to detect due to sophisticated and continuously updated backdoors.