T-Mobile confirms its network was hit by Chinese hackers


  • T-Mobile has joined the list of Salt Typhoon victims
  • Salt Typhoon has been heavily targeting the telecommunications sector
  • No evidence has been found to suggest customer data access

T-Mobile has joined the growing list of US telecom operators who have been breached by Salt Typhoon.

The company confirmed in a statement to the Wall Street Journal that while a breach had occurred, there was no evidence to suggest the attackers had accessed or exfiltrated any customer data.

“T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information. We will continue to monitor this closely, working with industry peers and the relevant authorities,” the company said in its statement.

Salt Typhoon continues attack

Salt Typhoon has been conducting a broad attack against US and Canadian telecommunications companies and internet service providers in what is thought to be a critical infrastructure mapping and espionage campaign.

The FBI recently confirmed the group had successfully gained access to networks and private communications of members of the US government.

The US government has also issued a warning through the Consumer Financial Protection Bureau (CFPB) for its workers to avoid using personal cell phones for work purposes, stating, “While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised.”

In a further statement to BleepingComputer, T-Mobile added, “Due to our security controls, network structure and diligent monitoring and response we have seen no significant impacts to T-Mobile systems or data. We have no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced.”

The group is widely recognized as a Chinese state-sponsored threat actor and the campaign is thought to be a mapping and vulnerability hunting campaign for future attacks.

Other telecommunications companies affected by the same campaign include AT&T, Lumen Technologies, and Verizon, with the attackers potentially having access to customer data and networks for several months. A network used by US authorities to submit requests pursuant to court orders was also breached.

A roundup of T-Mobile breaches by BleepingComputer puts this as the ninth since 2019, with the company suffering a number of data leaks, attacks and extortion attempts.

You might also like

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.