U.S. telecoms big shot T-Mobile just said that it got targeted by some sneaky Chinese hackers who were trying to get their hands on some super important info. These dudes, who go by the name Salt Typhoon, have been up to no good for months, and they're after stuff that could be really useful to them, like the phone communications of important people who know important things. It's still kind of a mystery if they actually stole anything, though.
A person from T-Mobile talked to The Wall Street Journal and said that even though this sounds like a big deal, their systems are cool and their customers' info is safe. They're definitely keeping an eye on it and teaming up with other big companies and the government to figure out what's going on.
T-Mobile isn't the only one dealing with this cyber drama. Other big names like AT&T, Verizon, and Lumen Technologies have had the same problem. It's like someone's playing a giant game of "Where's Waldo?" but with hackers instead of a cartoon guy in a red and white striped shirt.
The U.S. government is really concerned about this because it looks like China's been trying to get into a lot of our phone companies' systems to steal data and spy on some important folks. They think it's a big, bad situation that could get even bigger as they keep investigating.
The hackers, who are also known by some other fancy names like Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, have been playing this game since at least 2020. They're pretty clever and have been using all sorts of tools to sneak around and not get caught.
Some cybersecurity peeps at Trend Micro have been looking into it and they said these hackers use a mix of normal tools and some they made themselves to break into systems and not get caught. They've seen these guys attack companies in places like the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S., which is pretty impressive if you think about how many countries that is.
These Salt Typhoon guys know their stuff. They keep updating their tools so they don't get caught and they're pretty good at hiding once they're inside a network. They use stuff like Cobalt Strike and HemiGate to get into computers and grab what they want.
The researchers found out that the hackers have two main ways of getting into a network. One is by finding weak spots in things like QConvergeConsole, and the other is by using vulnerable Microsoft Exchange servers to put in a thing called China Chopper, which is basically a back door into the system.
They've also used some other sneaky programs like NinjaCopy to grab login info and PortScan to figure out the layout of the network they're in. And to make it even harder to catch them, they switch up their tools and backdoors a lot.
One super clever thing they did was use a victim's proxy server to redirect traffic to their command center so no one would suspect them. They're like the James Bond of hackers, always changing their tactics and staying one step ahead.
These hackers have been using tools like Cryptmerlin and FuxosDoor, which sound like something from a sci-fi movie, to keep control over the computers they've hacked into. It's pretty intense how much they know about the systems they're attacking and how they manage to stick around without getting booted out.
In the end, the researchers are like, "Wow, these guys are really good at what they do and we need to stay on top of it." So yeah, it's a pretty wild cyber situation out there, and everyone's trying to make sure our info doesn't get into the wrong hands.