The industry-wide attacks were staged by a group known as 'Salt Typhoon.'
Back in October, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) admitted that they were looking into "the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China." These bad actors, collectively called "Salt Typhoon," allegedly targeted US officials and staffers for the recently concluded presidential elections. A few days later, though, The Wall Street Journal reported that the group had access to a lot more people than originally thought. Basically, the hackers could have accessed the data of any American who's a customer of AT&T and Verizon. That list of carriers has grown just a bit longer, because according to a new report by The Journal and Reuters, Salt Typhoon had also infiltrated T-Mobile's network.
The hackers are believed to have exploited various vulnerabilities, such as those plaguing Cisco Systems routers, to get inside the carriers' network. They also used AI and machine learning, The Journal said, and stayed inside some of the systems they infiltrated for over eight months. That's enough time to get away with a bunch of sensitive data -- they were allegedly able to access the phone lines of US senior national security officials, as well as the call logs and unencrypted texts of their targets. The hackers were also reportedly able to access the information collected by carriers to comply with surveillance requests from the American authorities.
A company spokesperson told The Journal that T-Mobile is "closely monitoring" the attacks and said that its systems and data "have not been impacted in any significant way." They also said that the carrier didn't find evidence that its customers' information has been compromised in the security breach.