Examining the 'Worst' Telco Cyber Attack in US History

Image caption: The stakes are high; not only for enterprises, but national security. (Picture: Getty)
The attack, which breached multiple telco networks and is believed to have been used to spy on law enforcement targets, has been described as unprecedented.

In an already tumultuous year for the cybersphere, the recent cyberattack on US telecoms companies has stood out for its sheer scale and scope.

In fact, following revelations that T-Mobile was among those targeted by Chinese threat actors known as Salt Typhoon, the US Senate Intelligence Committee Chairman Mark Warner labelled the breach as "the worst telecom hack in our nation's history - by far." 


This statement not only underscores the severity of the situation but also raises critical questions about national security and the integrity of communications systems that underpin society.

Understanding the breach

As the hack, first reported in October, continues to unfold, it has become clear that the implications of this breach extend beyond mere data theft.

The US government has indicated that these cyber intrusions allowed hackers to intercept surveillance data intended for law enforcement, compromising sensitive information related to high-profile individuals involved in government or political activities. 

Reports suggest that the hackers managed to access customer call records and potentially listen to phone conversations and read text messages, raising alarms about the security of US telecommunications infrastructure.


T-Mobile's confirmation it was targeted in this cyber espionage campaign highlights how multiple major telecom company networks were breached, including AT&T, Verizon, and Lumen Technologies. 

US law enforcement warned that the extent and scope of these compromises could grow as the probe continues.

Examining the attack

The attacks are part of a "months-long campaign" aimed at harvesting cellphone communications from "high-value intelligence targets." 

The Salt Typhoon group, also known by various aliases such as Earth Estries and FamousSparrow, has been active since at least 2020. 

Their sophisticated approach combines legitimate tools with custom malware to evade detection and maintain access to compromised networks. 

Salt Typhoon has been observed using a range of techniques for initial access, including exploiting vulnerabilities in external-facing services and remote management utilities.


For instance, they have been found leveraging misconfigured QConvergeConsole installations to deploy malware like Cobalt Strike and custom backdoors such as HemiGate.

The attack methodology employed by Salt Typhoon is particularly alarming due to its complexity and adaptability. 

In one sequence, hackers exploit vulnerable Microsoft Exchange servers to implant web shells that facilitate further intrusions. 

This layered approach not only demonstrates their technical capabilities but also highlights a strategic understanding of target environments, allowing them to maintain persistent access over extended periods.
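The Exchange web-shell step above is the one a defender can most readily hunt for. The following is an added example written for this article, not tooling from the page or from any vendor: it combines two signals, content indicators that legitimate Exchange pages rarely contain, and a "modified after the last known-good change" timestamp check, to rank ASP.NET files under the Exchange front-end for review. All paths, timestamps, indicator patterns and file contents are constructed for illustration; the "suspect" fixture carries only indicator tokens, not a working page.

```python
"""Added example: a minimal hunt for ASP.NET web shells dropped on an Exchange server.

Illustrative code written for this article, not from the page or any vendor.
File contents, paths, timestamps and indicator patterns below are constructed.
"""
import re
from datetime import datetime, timezone

# Indicator patterns (constructed for this example). Each matches a trait that
# legitimate Exchange pages rarely have but command-execution pages usually do.
INDICATORS = {
    "request_param_read": re.compile(r'Request\s*(\[|\.Item\s*\[|\.Form\s*\[|\.QueryString\s*\[)'),
    "dynamic_eval":       re.compile(r'\beval\s*\(', re.IGNORECASE),
    "process_spawn":      re.compile(r'Process\.Start|System\.Diagnostics'),
    "shell_binary":       re.compile(r'cmd\.exe|powershell(\.exe)?', re.IGNORECASE),
    "jscript_page":       re.compile(r'<%@\s*Page[^%]*Language\s*=\s*"?JScript', re.IGNORECASE),
}

# Known-good baseline: the last time the Exchange front-end content was
# legitimately changed (for example by a patch). Constructed for this example.
BASELINE = datetime(2024, 9, 1, tzinfo=timezone.utc)


def score_source(source):
    """Return the names of the indicators present in one page's source."""
    return [name for name, pat in INDICATORS.items() if pat.search(source)]


def assess(path, source, mtime, baseline=BASELINE):
    """Combine content indicators with 'modified after baseline' into one verdict.
    Returns (path, verdict, matched_indicators)."""
    matched = score_source(source)
    new_since_baseline = mtime > baseline
    if len(matched) >= 2 or (matched and new_since_baseline):
        verdict = "suspect"
    elif new_since_baseline:
        verdict = "review"   # content looks clean but the file changed unexpectedly
    else:
        verdict = "clean"
    return path, verdict, matched


def hunt(inventory, baseline=BASELINE):
    """inventory: iterable of (path, source, mtime). Returns the non-clean
    results, suspects first and most indicators first within each verdict."""
    results = [assess(p, s, m, baseline) for p, s, m in inventory]
    flagged = [r for r in results if r[1] != "clean"]
    return sorted(flagged, key=lambda r: (r[1] != "suspect", -len(r[2])))


# Constructed inventory: two untouched pages, one fixture carrying indicator
# tokens only (not a working page), and one page changed after the baseline.
SAMPLE_INVENTORY = [
    ("FrontEnd/HttpProxy/owa/auth/logon.aspx",
     '<%@ Page Language="C#" AutoEventWireup="false" %>\n<html><body>Sign in</body></html>',
     datetime(2024, 8, 15, tzinfo=timezone.utc)),
    ("FrontEnd/HttpProxy/owa/auth/errorFE.aspx",
     '<%@ Page Language="C#" %>\n<html><body>An error occurred.</body></html>',
     datetime(2024, 8, 15, tzinfo=timezone.utc)),
    ("FrontEnd/HttpProxy/owa/auth/Current/themes/help.aspx",
     'CONSTRUCTED FIXTURE - indicator tokens only: Request["cmd"] '
     'System.Diagnostics.Process.Start cmd.exe',
     datetime(2024, 10, 3, tzinfo=timezone.utc)),
    ("FrontEnd/HttpProxy/ecp/auth/TimeoutLogout.aspx",
     '<%@ Page Language="C#" %>\n<html><body>Session timed out.</body></html>',
     datetime(2024, 10, 5, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for path, verdict, matched in hunt(SAMPLE_INVENTORY):
        print(f"{verdict:8} {path}  {', '.join(matched) or '-'}")
```

On a real server the inventory would come from walking the Exchange front-end directory (or from a file-integrity tool's change feed) and the baseline from the last patch date; the point of pairing the two signals is that a page that is both new and carries command-execution traits is worth an immediate look, while a clean-looking but unexpectedly changed page still warrants a review rather than being ignored.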

Implications on telcos

The ramifications of these breaches are significant, particularly in light of Warner's assertion that this incident is part of an ongoing effort by Chinese hackers to infiltrate telecom systems globally. 

Moreover, the breach has raised questions about the adequacy of current cybersecurity measures within the telco sector.

As noted by Warner, "the barn door is still wide open," indicating a pressing need for enhanced security protocols to protect against such sophisticated threats. 

The ongoing nature of these attacks suggests that without action from telcos, the potential for further breaches remains high.

As investigations continue into the tactics employed by Salt Typhoon and other threat actors, it is imperative for industry stakeholders and government authorities to collaborate closely in fortifying defences against future incursions. 

The stakes are high; not only for enterprises, but national security.  
