US telecommunications service provider T-Mobile said it had recently discovered attempts by attackers to infiltrate its systems in recent weeks, but noted that no sensitive data had been accessed.
Those intrusion attempts “came from an ISP’s ISP network that was connected to ours,” said Jeff Simon, T-Mobile’s chief security officer. said in the statement. “We don’t see any previous attempts like this.”
Additionally, the company said its security measures prevented threat actors from disrupting its services or obtaining customer information. He has since confirmed that he has disconnected from the unnamed provider’s network. It did not attribute the activity to any known threat actor or group, but said it had shared its findings with the US government.
Speaking to Bloomberg, Simon said The company observed attackers running detection-related commands on routers to examine the topography of the network, adding that the attacks were stopped before they traveled through the network. T-Mobile became the first company to publicly acknowledge the cyber incident.
The development comes shortly after reports of a call from a cyber espionage group linked to China Salt typhoon (aka Earth Estries, FamousSparrow, GhostEmperor and UNC2286) directed several US telecommunications companiesincluding AT&T, Verizon and Lumen Technologies, as part of an intelligence-gathering campaign.
“Simply put, our defenses worked as intended – from our multi-layered network design to robust monitoring and partnerships with third-party cybersecurity experts and rapid response – to prevent attackers from gaining ground and, importantly, from gaining access to sensitive information customers,” said Simon. “Other providers may see different results.”
