Chinese hackers target major US telecoms but fail to breach data
Chinese hackers infiltrated T-Mobile and other American telecommunications companies in an attempt to access confidential data. T-Mobile says its systems and customer data were not significantly compromised.
9:51 AM EST, November 19, 2024
The American telecommunications giant T-Mobile has confirmed that it was targeted by Chinese state-linked hackers who attempted to access confidential data. The group, known as Salt Typhoon, conducted a months-long cyber-espionage campaign aimed at the cellular communications of high-value intelligence targets.
In an official statement, a T-Mobile spokesperson said, "The company's systems and data have not been significantly compromised, and the company has no evidence of a breach of customer data security." The spokesperson added that the company is continuously monitoring the situation in cooperation with industry partners and the relevant authorities.
The attacks targeted T-Mobile and other major telecommunications companies, including AT&T, Verizon, and Lumen Technologies. An investigation by the US government concluded that the intrusions are part of a wide-ranging cyber-espionage operation directed by the People's Republic of China.
Advanced attack techniques
The hacker group Salt Typhoon, also tracked under the names Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, has been active since at least 2020. Analysts at Trend Micro found that the group combines legitimate tools with purpose-built malware to bypass security controls.
Trend Micro's experts noted that "the group systematically updates its tools and uses backdoors to move within networks and steal authentication data." To collect and exfiltrate data, the attackers use the TrillClient tool and transmit the stolen information through anonymous file-sharing services.
Infiltration methods and access maintenance
The attackers use two distinct intrusion paths. In the first, they exploit vulnerabilities in externally exposed services and remote management tools, then install malicious software such as Cobalt Strike, the Go-based TrillClient program, and the HemiGate and Crowdoor backdoors.
The second path is more advanced and focuses on exploiting vulnerable Microsoft Exchange servers. The attackers install the China Chopper web shell, through which they deploy additional malware, including Zingdoor and Snappybee. They route their traffic through the victims' own proxy servers to disguise it as legitimate network activity.
According to Trend Micro's experts, the group shows a thorough understanding of its target environments. By continually identifying new attack surfaces and combining proven tools with its own backdoors, it builds a multi-layered attack strategy that is difficult to detect and stop.