November 28, 2024Ravie LakshmananNetwork security/cyber espionage

US telecom provider T-Mobile said it had recently discovered attempts by malicious actors to infiltrate its systems in recent weeks, but noted that sensitive data had not been accessed.

These intrusion attempts “emanated from a landline carrier’s network connected to ours,” Jeff Simon, chief security officer at T-Mobile, said in a statement. “We don’t see any examples of previous attempts like this.”

The company further said its security measures prevented threat actors from disrupting its services or obtaining customer information. The company has since confirmed that it has disconnected from the unnamed carrier’s network. It did not explicitly attribute the activity to any known threat actors or group, but noted that it has shared its findings with the US government.

Speaking to Bloomberg, Simon said the company had observed the attackers executing sensing-related commands on routers to examine the network’s topography. He added that the attacks were contained before they moved laterally across the network. T-Mobile is the first company to publicly acknowledge the cyber incident.

The development comes shortly after reports that a China-linked cyber espionage group called Salt Typhoon (also known as Earth Estries, FamousSparrow, GhostEmperor and UNC2286) targeted multiple US telecom companies, including AT&T, Verizon and Lumen Technologies, as part of an intelligence collection. campaign.

“Simply put, our defenses worked as designed – from our layered network design to robust monitoring and partnerships with third-party cybersecurity experts and rapid response – to prevent attackers from advancing and, most importantly, to prevent them from accessing sensitive customer information. Simon said. “Other providers may see different results.”