Chinese cyberattackers target T-Mobile in data access attempt

Chinese hackers have infiltrated T-Mobile and other major American telecommunications companies, attempting to access confidential data. T-Mobile assures customers that their systems and data were not significantly compromised.

Chinese cybercriminals hit the USA
Image source: © Wikimedia
Robert Kędzierski

19 November 2024 11:56

The American telecommunications giant T-Mobile confirmed it had been targeted by Chinese cybercriminals who attempted to access confidential data. The hacker group Salt Typhoon has conducted a prolonged cyber-espionage campaign aimed at the mobile communications of high-value intelligence targets.

In an official statement, a T-Mobile spokesperson stated, "T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information." The representative assured that the situation would be monitored with industry partners and relevant authorities.

Besides T-Mobile, other major telecommunications companies, including AT&T, Verizon, and Lumen Technologies, have also been victims of cyberattacks. An investigation by the American government revealed that this is a widespread cyber-espionage operation directed by the People's Republic of China.

Advanced attack techniques

The hacker group Salt Typhoon, also known as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, has been active since at least 2020. Analysts from Trend Micro discovered that the hackers use a combination of legitimate tools and specially designed malware to bypass security measures.

Experts from Trend Micro noted that the group systematically updates its tools and utilises backdoors to move laterally within networks and steal authentication data. To collect and exfiltrate data, the criminals use the tool TrillClient and employ anonymous file-sharing services to transmit the information.

Infiltration methods and access maintenance

Hackers employ two different attack paths. The first exploits vulnerabilities in external services and remote management tools. Criminals install malicious software such as Cobalt Strike, the TrillClient program written in Go, and the backdoors HemiGate and Crowdoor.

The second attack method is more advanced and focuses on exploiting vulnerable Microsoft Exchange servers. Hackers install the China Chopper web shell, which delivers additional malware, including Zingdoor and Snappybee. They utilise victims' proxy servers to obfuscate network traffic.

According to Trend Micro experts, the group demonstrates excellent knowledge of its targets' environments. By continually identifying new vulnerabilities and combining proven tools with its own backdoors, the group builds a multi-layered attack strategy that is difficult to detect and stop.
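The second attack path above ends with a web shell on an Exchange server. The script below is an added defender-side illustration of how such a file can be triaged; it is not code from the article, from Trend Micro or from T-Mobile. It walks an IIS web root, flags ASP.NET handler files that are newer than a known-good baseline or that evaluate request-supplied input, and runs over a constructed sample directory so it works offline. The directory layout, file names, indicator patterns and baseline timestamp are all assumptions made for the demonstration, not indicators from the article.

```python
"""Web-shell triage for an IIS/Exchange web root (added example).

Not from the article, Trend Micro or T-Mobile. Flags ASP.NET handler files
that are either newer than a known-good baseline or contain server-side code
that evaluates request-supplied input. Everything below (paths, file
contents, patterns, baseline) is constructed for the demonstration.
"""
import os
import re
import tempfile
import time
from pathlib import Path

# File types IIS executes server-side; a dropped shell normally uses one of these.
HANDLER_EXTENSIONS = {".aspx", ".ashx", ".asmx"}

# Constructed indicator patterns: code that evaluates or executes what the HTTP
# request supplies. Illustrative only, not a complete or vendor signature set.
INDICATOR_PATTERNS = [
    re.compile(rb"eval\s*\(\s*Request", re.IGNORECASE),
    re.compile(rb"Process\.Start\s*\(", re.IGNORECASE),
    re.compile(rb"Assembly\.Load\s*\(", re.IGNORECASE),
]


def scan_webroot(root, baseline_epoch):
    """Return {relative_path: [reasons]} for handler files that merit a closer look."""
    root = Path(root)
    findings = {}
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in HANDLER_EXTENSIONS:
            continue
        reasons = []
        # Legitimate Exchange files date from installation or patching; a handler
        # younger than the last known-good snapshot deserves attention.
        if path.stat().st_mtime > baseline_epoch:
            reasons.append("modified after baseline")
        content = path.read_bytes()
        for pattern in INDICATOR_PATTERNS:
            if pattern.search(content):
                reasons.append("matches " + pattern.pattern.decode())
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_webroot():
    """Create a constructed web root: one old legitimate page, one fresh suspicious file."""
    root = Path(tempfile.mkdtemp(prefix="sample-webroot-"))
    auth_dir = root / "owa" / "auth"
    auth_dir.mkdir(parents=True)

    legit = auth_dir / "logon.aspx"
    legit.write_bytes(b'<%@ Page Language="C#" %>\n<html><body>Sign in</body></html>\n')
    ninety_days_ago = time.time() - 90 * 86400
    os.utime(legit, (ninety_days_ago, ninety_days_ago))  # looks like an install-time file

    # Constructed, non-functional stand-in for a dropped handler: it only carries
    # the "evaluate request input" indicator so the scan has something to find.
    suspicious = auth_dir / "sample_dropped.aspx"
    suspicious.write_bytes(b'<%@ Page Language="C#" %>\n<% /* sample */ eval(Request["x"]); %>\n')

    baseline_epoch = time.time() - 30 * 86400  # last known-good snapshot, 30 days ago
    return root, baseline_epoch


def run_demo():
    """Build the sample web root and scan it; returns the findings dict."""
    root, baseline = build_sample_webroot()
    return scan_webroot(root, baseline)


if __name__ == "__main__":
    for rel_path, reasons in run_demo().items():
        print(f"{rel_path}: {'; '.join(reasons)}")
```

On a real server the baseline would come from the last verified patch or install time and the scan would be pointed at the actual IIS web root; a hit is a starting point for inspection (file hash, IIS request logs for that path, the account that wrote it), not a verdict on its own.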

© Daily Wrap