2024-11-27
T-Mobile Resists Intrusions, Suspects Chinese APT
T-Mobile has foiled an attack by threat actors suspected to be "linked to Chinese state-sponsored operations," according to Chief Security Officer (CSO) Jeff Simon in a November 27 update. The attack "originated from a wireline provider’s network" connected to T-Mobile, but the company's defenses successfully detected the infiltration attempts, protected sensitive customer records including metadata with "information about the caller, sender and recipient," and disconnected from the compromised network. The CSO attributes this success to a "cybersecurity major transformation" undertaken by T-Mobile in the wake of previous attacks: a 2022 internal systems intrusion by Lapsus$ and a 2022-2023 data breach affecting 37 million customers are the latest of eight major breaches the provider has disclosed since 2018. The recent overhaul focused on layered defenses, proactive monitoring, rapid response and mitigation, and "constant vigilance." Simon enumerates specific security measures including: MFA and FIDO2 authentication; network segmentation; improvements to logging, patching, and security tools; and regular testing, attack simulations, and rewards for vulnerability discovery. Though T-Mobile notes that this attack differs from other recent intrusions, the statement follows confirmations by government agencies that a Chinese Advanced Persistent Threat (APT) group has compromised the wiretap systems required under US law since 1994’s Communications Assistance for Law Enforcement Act (CALEA).
Editor's Note
Compare that list of specific security measures in the overhaul (layered defenses, proactive monitoring, rapid response and mitigation, and "constant vigilance") to the Critical Security Controls – pretty close match.
John Pescatore
While none of the improvements is earth shattering alone, each needs to be ubiquitous and securely deployed, and in total the impact is dramatic. Yes, defense in depth remains important.
Lee Neely
Read more in
Trend Micro: Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations
The Register: T-Mobile US takes a victory lap after stopping cyberattacks: 'Other providers may be seeing different outcomes'
Nextgov: Chinese hackers used a ‘range of sophisticated methods’ to breach US telecom providers, insider says
The Record: T-Mobile rebuffed breach attempts by hackers likely connected to China’s Salt Typhoon
Gov Infosecurity: T-Mobile Disputes Claims of Chinese Hack on Customer Data
TechCrunch: The 30-year-old internet backdoor law that came back to bite (October 2024)
TechCrunch: Lapsus$ hackers targeted T-Mobile source code in latest data breach (April 2022)
TechCrunch: T-Mobile says hacker accessed personal data of 37 million customers (January 2023)