Is Salt Typhoon a material threat to telecom?

A China-backed hacking group dubbed Salt Typhoon is reportedly deep inside the networks of some US telecom operators. But how bad is it?

Mike Dano, Editorial Director, 5G & Mobile Strategies

December 6, 2024


In financial parlance, a "material" event is something that can have a substantial impact on a company's financial performance, stock price or overall business operations.

The word is often deployed in esoteric SEC filings to outline the various threats facing a public company: "The following important factors ... could affect future results and cause those results to differ materially from those expressed in the forward-looking statements," warns T-Mobile before outlining dozens of potential challenges ranging from "changes in the credit market conditions" to "sociopolitical volatility and polarization."

T-Mobile, along with other telecom companies including Verizon, AT&T and Comcast, lists cyber attacks among those threats.

"A cyber attack, information or security breach, or technology disruption or failure may negatively impact our ability to conduct our business or result in the misuse of confidential information, all of which could adversely affect our business, reputation and results of operations," Comcast warns.

So does the new Salt Typhoon hack rise to that "material" level of concern?

Chinese incursion

News first broke in October that Salt Typhoon – a group of Chinese hackers – was reportedly deep inside the networks of AT&T, Verizon and Lumen Technologies, among others. The hackers reportedly got real-time, unencrypted access to calls and text messages, as well as metadata about who the communications were sent to and from. It's not clear if the hackers still have that access.

Now, federal regulators are starting to sound the alarm.

"If feasible, limit exposure of management traffic to the Internet. Only allow management via a limited and enforced network path, ideally only directly from dedicated administrative workstations," was one of dozens of recommendations the Cybersecurity and Infrastructure Security Agency (CISA) issued to US telecom network engineers this week. 

The agency also specifically issued warnings about Cisco equipment.

Separately, the FCC's outgoing chairwoman this week proposed that telecom operators should "submit an annual certification to the FCC attesting that they have created, updated and implemented a cybersecurity risk management plan, which would strengthen communications from future cyberattacks."

Good luck with that

"Such directives will almost do nothing," wrote analyst Chetan Sharma on social media, in response to the FCC's new "certification" proposal.

"This is a massive security crisis for the country that needs its 'Manhattan Project' to address the threat. It is all-hands-on-deck for the US," Sharma continued, adding that it's "deeply embarrassing for the country that prides itself in technological prowess."

So how should everyday telecom customers protect themselves?

Officials from CISA and the FBI urged Americans to use encrypted messaging apps, according to TechCrunch.

"Encryption is your friend; whether it's on text messaging or if you have the capacity to use encrypted voice communication," said a CISA official during a call with reporters, according to the publication.

T-Mobile's hypocrisy

T-Mobile, strangely, is using the Salt Typhoon hack to boast about its network security.

"Many reports claim these bad actors have gained access to some providers' customer information over an extended period of time ... This is not the case at T-Mobile," wrote Jeff Simon, T-Mobile's chief security officer, at the end of last month. Simon countered reports that T-Mobile had been affected by the hack.

"It was almost surprising how little we were able to find of Salt Typhoon on T-Mobile infrastructure. We did not see evidence of them at all," Simon told Cybersecurity Dive, a Light Reading sister publication, this week.

Some analysts called out T-Mobile for its better-than-you stance: "It's all too common for a cybersecurity vendor to dunk on a competitor when it fails," wrote analyst Patrick Donegan, with research firm HardenStance, on social media. "But a senior cybersecurity practitioner in a critical infrastructure business appearing to dunk on peers in the midst of a sector-wide incident of such magnitude breaks what many will recognize as a form of unwritten rule that most cybersecurity leaders would want to adhere to."

T-Mobile, of course, has suffered a series of well-documented network hacks over the past few years. In fact, the company is in the midst of a legal effort to sidestep a $92 million FCC fine for failing to reasonably protect its customers' location information.

T-Mobile is broadly arguing the FCC doesn't have the authority to issue that kind of fine. But it's not a good look.

Crickets

Earlier this week, US government agencies held a classified briefing for all senators on Salt Typhoon, according to Reuters.

"They have not told us why they didn't catch it; what they could have done to prevent it," Republican Senator Rick Scott told the publication. The Senate scheduled a hearing on the topic for December 11.

So here we are. The feds are literally telling regular telecom customers that they should encrypt their communications because the Chinese have hacked into US telecom networks. The operators are bickering among themselves about whose security is better. And lawmakers are complaining that they're not getting enough information about it.

"The extent and depth and breadth of Chinese hacking is absolutely mind-boggling – that we would permit as much as has happened in just the last year is terrifying," said Senator Richard Blumenthal, according to Reuters.

The Salt Typhoon hack hasn't come up once during recent investor events, including AT&T's three-hour analyst day earlier this week.

"From our perspective, this could be a modest negative for the carriers as hacks typically can lead to remedies and fines," the financial analysts at KeyBanc Capital Markets wrote in a note to investors early last month, when Salt Typhoon reports first emerged.

That sounds pretty immaterial to me.

Article updated December 6 to provide more details about T-Mobile's Salt Typhoon statements.

About the Author

Mike Dano

Editorial Director, 5G & Mobile Strategies, Light Reading

Mike Dano is Light Reading's Editorial Director, 5G & Mobile Strategies. Mike can be reached at @mikeddano or on LinkedIn.

Based in Denver, Mike has covered the wireless industry as a journalist for almost two decades, first at RCR Wireless News and then at FierceWireless, and recalls once writing a story about the transition from black and white to color screens on cell phones.
