As 2024 came to a close, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the National Security Agency, and partner agencies in New Zealand, Australia, and Canada released a joint statement warning that Salt Typhoon, a Chinese APT group, was targeting major global telecommunications providers. As many as 80 telecommunications companies and internet service providers, including AT&T, Verizon, and T-Mobile, are believed to have been infiltrated in the hack.
According to senior FBI officials who spoke anonymously to Politico, a “small number of political or government-linked individuals, all of whom have been notified by officials — had their private communications compromised,” including the phones of Donald Trump and JD Vance prior to the election. Consequently, Senate Intelligence Committee Chair Mark Warner (D-Va.) has described this major incident as the “most serious breach in our history.”
Cybersecurity Risks in the Telecom Industry
Telecom networks are high-priority, high-impact targets for cyberattacks. According to the Microsoft Digital Defense Report, cyberattacks against critical telecom infrastructure have risen 40% in two years. In the wake of the Salt Typhoon attacks, one senior administration official at the White House noted that the telecom industry is “in the bull’s-eye of nation-state programs,” with risks from surveillance and espionage to the potential to create disruption at a time of crisis or conflict as well.
The goals and tactics of telecom attacks vary, but the impact is potentially catastrophic regardless of motive.
Surveillance
The Salt Typhoon attacks are an alarming example of state-sponsored attacks meant to gather intelligence data; their campaign lasted over two years and security officials believe that the threat actors still maintain access to these compromised systems. The threat to telecom providers carries the weight of a threat to national security, with risks to intellectual property, trade agreements, and more.
“Communications of U.S. government officials ride on these private sector systems, which is why the Chinese were able to access the communications of some senior U.S. government and political officials. Until U.S. companies address the cybersecurity gaps, the Chinese are likely to maintain their access.” – Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology
Infrastructure Disruption
State actor attacks aren’t limited to reconnaissance and espionage. Bad actors could potentially control physical elements that can impact critical infrastructure and manipulate outcomes. One DDoS attack on North American telecom operators led to cell phone disruptions across almost a dozen cities, including Chicago, Los Angeles, New York, and Houston. A prolonged communications blackout across major cities poses catastrophic risks to public safety and critical services: emergency response systems could fail, life-saving medical devices could lose connectivity, and essential urban infrastructure dependent on 5G networks could grind to a halt.
In 2023, Russian hackers were able to infiltrate Ukrainian telecom operator Kyivstar and knock out services for over 48 hours. According to Reuters, over 24 million customers were left without mobile services for several days, with the service loss also effectively shutting down other critical services, including air raid sirens, some banking services, ATMs, and point-of-sale terminals. Attackers would also have had access to location services, allowing them to track device location.
Data
Data is currency, and telecom providers have become custodians of humanity’s digital footprint. Telecom companies send and store data for billions of people and millions of organizations across the globe, and data exfiltration is table stakes for cyber criminals. The data harvested in some telecom attacks goes further than just the sale of information on the dark web, though, as evidenced by a 2023 data breach at Mint Mobile.
The exposed data from this particular attack contained SIM and International Mobile Equipment Identity (IMEI) numbers, which would allow a threat actor to conduct SIM swapping attacks, in which an attacker ports a person’s number to their own device. Once they control the number, they can try to take over user accounts through password resets and by receiving the multi-factor authentication OTP text codes. BleepingComputer notes that, “Threat actors commonly use this technique to breach accounts at cryptocurrency exchanges, stealing all assets stored in the online wallet.”
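One defender-side control against the reset-via-SMS chain described above is to refuse or step up an SMS-OTP password reset when the number's SIM or handset changed shortly before the request. The following is an added example, not code from the Censys post or from NOS; the subscriber record fields, the 24-hour window and the sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple
# Added example, not code from the Censys post or from NOS: a defender-side policy
# that blocks or steps up an SMS-OTP password reset when the subscriber's SIM or IMEI
# changed shortly before the request. Field names, the 24h window and data are assumed.
SIM_CHANGE_WINDOW = timedelta(hours=24)

@dataclass
class SubscriberRecord:
    msisdn: str
    sim_changed_at: Optional[datetime]
    imei_changed_at: Optional[datetime]
@dataclass
class ResetRequest:
    msisdn: str
    requested_at: datetime
    channel: str  # "sms_otp" or "app_push"
def _recent(ts: Optional[datetime], now: datetime) -> bool:
    return ts is not None and timedelta(0) <= now - ts <= SIM_CHANGE_WINDOW

def reset_decision(rec: SubscriberRecord, req: ResetRequest) -> str:
    """Return 'allow', 'step_up' or 'block' for one password-reset request."""
    if req.channel != "sms_otp":
        return "allow"  # only SMS-delivered codes are captured by a swapped SIM
    if _recent(rec.sim_changed_at, req.requested_at):
        return "block"  # number just re-provisioned: SMS cannot prove possession
    if _recent(rec.imei_changed_at, req.requested_at):
        return "step_up"  # new handset only: require a non-SMS factor first
    return "allow"

def evaluate(records: List[SubscriberRecord], requests: List[ResetRequest]) -> Dict[Tuple[str, str], str]:
    by_number = {r.msisdn: r for r in records}
    return {(q.msisdn, q.channel): reset_decision(by_number[q.msisdn], q) for q in requests}

# Constructed sample data: three subscribers, four reset requests at time T0.
T0 = datetime(2024, 12, 1, 9, 0)
SAMPLE_RECORDS = [
    SubscriberRecord("+10000000001", T0 - timedelta(hours=2), None),   # SIM swapped 2h ago
    SubscriberRecord("+10000000002", None, T0 - timedelta(hours=5)),   # new handset only
    SubscriberRecord("+10000000003", T0 - timedelta(days=30), None),   # old SIM change
]
SAMPLE_REQUESTS = [
    ResetRequest("+10000000001", T0, "sms_otp"),
    ResetRequest("+10000000001", T0, "app_push"),
    ResetRequest("+10000000002", T0, "sms_otp"),
    ResetRequest("+10000000003", T0, "sms_otp"),
]
```

Running `evaluate(SAMPLE_RECORDS, SAMPLE_REQUESTS)` blocks the SMS reset on the freshly swapped number, steps up the one on a newly changed handset, and allows the rest.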
While the threat landscape is daunting, telecommunications providers are fighting back with innovative approaches to security. The experience of NOS, a leading Portuguese telecom provider, demonstrates how modern security solutions can effectively protect critical infrastructure at scale.
NOS and Censys: A Real-Life Example of Securing Telecom Infrastructure
NOS is a leading Portuguese telecom and technology provider that manages approximately 2 million registered IP addresses, many connected to critical infrastructure. They came to Censys needing a way to enhance their security posture and protect their brand.
NOS’s environment includes cloud services, IoT systems, and emerging 5G infrastructure, making it vital to identify unknown exposures and prioritize high-risk vulnerabilities. Existing security tools were creating overwhelming alerts and false positives, leaving critical risks unaddressed; they needed a centralized solution to cut through the noise and guide real-time remediation efforts.
Censys enabled NOS to aggregate and analyze internal, cloud, and customer-facing assets, significantly improving threat detection, response, and overall cyber risk posture. By gaining comprehensive visibility into all internet-facing assets and the ability to investigate threat actor infrastructure to minimize exposure, they are able to mitigate risks across their ecosystem and protect against emerging threats.
“With Censys, we assess risks within our domain and beyond, securing our partnerships and public cloud environments.” – Diogo Gonçalves, Cyber Defense Team Lead, NOS
Check out the full NOS story here to get more details on how Censys is helping solve security challenges in the telecom industry.