T-Mobile Hacked – China Launched Cyber Attack on U.S. Telecom Networks


Hackers with ties to Chinese intelligence infiltrated multiple U.S. and international telecom companies, including T-Mobile, in a prolonged cyber-espionage campaign aimed at high-value intelligence targets, sources familiar with the matter revealed.

The breach, part of a months-long operation, allowed the attackers to spy on the cellphone communications of key individuals, raising concerns about potential national security ramifications. While it remains unclear whether any sensitive customer data or communications records were compromised, T-Mobile has stated it is closely monitoring the situation.

“T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” a company spokesperson said. “We will continue to monitor this closely, working with industry peers and the relevant authorities.”

U.S. officials have referred to the cyber-espionage campaign, which they blame on a Chinese hacking group known as Salt Typhoon, as both “historic” and “catastrophic” in its scope and severity. Previous reports indicated that other major U.S. telecom firms, such as AT&T, Verizon, and Lumen Technologies, were also affected by the breach.

According to the WSJ report, the hackers exploited vulnerabilities in telecom infrastructure, including Cisco Systems routers, and are believed to have employed artificial intelligence (AI) and machine learning techniques to enhance their espionage capabilities.

The attack, which persisted for over eight months, allowed the hackers to access sensitive information, including call logs, unencrypted texts, and some audio communications from senior U.S. national security and government officials.

“The breach extended to systems maintained by telecom carriers for compliance with U.S. surveillance requests, further heightening counterintelligence concerns. Investigators are still working to fully assess the scope of the attack, which involved the compromise of systems used to handle U.S. law enforcement requests for surveillance data.”

Lumen Technologies, which does not offer wireless services, confirmed that while its systems were compromised, no customer data or wiretap capabilities were accessed during the attack, according to sources.

The cyber-espionage operation also targeted several foreign telecom firms, including those in countries that are part of intelligence-sharing alliances with the U.S., further underscoring the global reach of the attack.

Earlier this week, the Biden administration acknowledged the severity of the hack in a public statement, following initial reports by The Wall Street Journal.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a statement confirming that Chinese government-linked hackers had compromised multiple telecom networks to steal customer call records and access the private communications of people primarily involved in government and political activities.

“We expect our understanding of these compromises to grow as the investigation continues,” the statement concluded.

The breach, which investigators are still piecing together, marks one of the most significant cyber-espionage campaigns in recent years, and its full implications for national security are yet to be fully understood.
