NewsChinese hacker group targets US telecom giants in data breach attempt

Chinese hacker group targets US telecom giants in data breach attempt

Chinese hackers infiltrated T-Mobile and other American telecommunications companies, attempting to access confidential data. T-Mobile assures that its systems and customer data were not significantly compromised.

Chinese cybercriminals hit the USA
Chinese cybercriminals hit the USA
Images source: © Wikimedia
Robert Kędzierski

19 November 2024 11:03

The American telecommunications giant T-Mobile confirmed it fell victim to Chinese cybercriminals who attempted to access confidential data. The hacker group Salt Typhoon conducted a months-long cyber-espionage campaign targeting the cellular communications of strategic intelligence objectives.

In an official statement, a T-Mobile spokesperson stated, "T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information." The representative assured us that the situation would be continuously monitored in cooperation with industry partners and relevant services.

Cyberattacks targeted T-Mobile and other major telecommunications companies, including AT&T, Verizon, and Lumen Technologies. The American government's investigation revealed that this was a widespread cyber-espionage operation orchestrated by the People's Republic of China.

Advanced attack techniques

The hacker group Salt Typhoon, known by names such as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, has been active since 2020. Analysts from Trend Micro discovered that the hackers use a combination of legitimate tools and specially designed malware to bypass security measures.

Experts from Trend Micro noted that the group systematically updates its tools and uses backdoors to move within networks and steal authentication data. To collect and exfiltrate data, the criminals use the tool TrillClient and employ anonymous file-sharing services to transmit the information.

Infiltration methods and access maintenance

Hackers employ two different attack paths. The first exploits vulnerabilities in external services and remote management tools. Criminals install malicious software such as Cobalt Strike, the TrillClient program written in Go, and the backdoors HemiGate and Crowdoor.

The second attack method is more advanced and focuses on exploiting vulnerable Microsoft Exchange servers. Hackers install the China Chopper web shell, which delivers additional malware, including Zingdoor and Snappybee. They use victims' proxy servers to obfuscate network traffic.

According to Trend Micro experts, the group shows excellent knowledge of their targets' environments. Continually identifying new layers vulnerable to attack and using a combination of proven tools and their backdoors creates a multi-layered attack strategy that is difficult to detect and stop.

Related content
© Daily Wrap
·About us
·Terms of service
·Contact us
·Privacy policy
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.