U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed.
These intrusion attempts “originated from a wireline provider’s network that was connected to ours,” Jeff Simon, chief security officer at T-Mobile, said in a statement. “We see no instances of prior attempts like this.”
The company further said its security defenses prevented the threat actors from disrupting its services or obtaining customer information. It has since confirmed that it cut off connectivity to the unnamed provider’s network. It did not explicitly attribute the activity to any known threat actor or group, but noted that it has shared its findings with the U.S. government.
Speaking to Bloomberg, Simon said the company observed the attackers running discovery-related commands on routers to probe the topography of the network, adding the attacks were contained before they moved laterally across the network. T-Mobile is the first company to publicly acknowledge the cyber incident.
The development comes shortly after reports that a China-linked cyber espionage group called Salt Typhoon (aka Earth Estries, FamousSparrow, GhostEmperor, and UNC2286) targeted multiple U.S. telecom companies, including AT&T, Verizon, and Lumen Technologies, as part of an intelligence gathering campaign.
“Simply put, our defenses worked as designed – from our layered network design to robust monitoring and partnerships with third-party cyber security experts and a prompt response – to prevent the attackers from advancing and, importantly, stopped them from accessing sensitive customer information,” Simon said. “Other providers may be seeing different outcomes.”
