T-Mobile’s network was among the systems hacked in a damaging Chinese cyber-espionage operation that successfully gained entry into multiple U.S. and international telecommunications companies, according to people familiar with the matter.
Hackers linked to a Chinese intelligence agency were able to breach T-Mobile as part of a monthslong campaign to spy on the cellphone communications of high-value intelligence targets. It is unclear what information, if any, was taken about T-Mobile customers’ calls and communications records.
“T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” a company spokeswoman said. “We will continue to monitor this closely, working with industry peers and the relevant authorities.”
The compromise of T-Mobile expands the list of known victims of a cyber-espionage campaign by Chinese hackers—dubbed Salt Typhoon—that some U.S. officials consider to be historic and catastrophic in scope and severity.
The Journal previously reported in October that AT&T, Verizon and Lumen Technologies were among the telecom companies that suffered an intrusion.
The group used sophisticated methods to infiltrate American telecom infrastructure through vulnerabilities including Cisco Systems routers, and investigators suspect the hackers relied on artificial intelligence or machine learning to further their espionage operations , people familiar with the matter said. The attackers penetrated at least some of that infrastructure over eight months or more.
In the broader hacking campaign, attackers were able to access cellphone lines used by an array of senior national security and policy officials across the U.S. government, in addition to politicians.
The access allowed them to scoop up call logs, unencrypted texts and some audio from targets, in what investigators believe may have significant national-security ramifications.
Additionally, the hackers were able to access information from systems maintained by the carriers to comply with U.S. surveillance requests, raising further counterintelligence concerns.
Investigators are still endeavoring to fully understand and have said the attack was carried out by the Salt Typhoon group. At Lumen, which doesn’t provide wireless service, the attackers didn’t steal any customer data or access its wiretap capabilities, according to people familiar with the matter.
Some foreign telecommunications firms were also compromised in the hacks, including in countries that maintain close intelligence-sharing partnerships with the U.S., people familiar with the matter said.
Earlier this week, the Biden administration acknowledged in a public statement some details about the nature of the “broad and significant” hack that were previously reported by the Journal.
Chinese government-linked hackers had compromised networks at multiple telecommunications companies “to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders,” the statement from the Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency said.
