PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Suspected Chinese Hackers Targeted T-Mobile Via a Compromised Carrier

T-Mobile has severed its connection to the unnamed wireline provider, which it suspects may still be compromised.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Photo by Jaap Arriens/NurPhoto via Getty Images)

T-Mobile says it stopped an intrusion potentially linked to China’s “Salt Typhoon” group after hackers tried to infiltrate the company through another carrier.  

“Within the last few weeks, we detected attempts to infiltrate our systems by bad actors. This originated from a wireline provider’s network that was connected to ours,” T-Mobile Chief Security Officer Jeff Simon wrote on Wednesday. 

The company shared the details to push back on media reports that China’s Salt Typhoon group had compromised T-Mobile, in addition to AT&T, Verizon, and ISP Lumen Technologies.  

“Many reports claim these bad actors have gained access to some providers’ customer information over an extended period of time – phone calls, text messages, and other sensitive information, particularly from government officials. This is not the case at T-Mobile,” Simon said. 

T-Mobile can’t say if its own encounters with the hackers came from China’s Salt Typhoon group. However, the company’s defenses stopped the culprits from “advancing” and prevented them from stealing any sensitive customer information or causing a disruption.

“We quickly severed connectivity to the provider’s network as we believe it was—and may still be—compromised,” Simon said.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

The detail offers a hint about how Salt Typhoon orchestrated what one US senator has described as the “worst telecom hack” in the country’s history. Chinese hackers may have compromised one US telecommunications company and then used its trusted network as a launching pad to infiltrate more providers. 

According to Senator Mark Warner (D-Virginia), the Chinese hackers remain in US networks despite the FBI’s ongoing effort to investigate the hacks. Kicking the Chinese hackers out won’t be easy either because it’ll require physically replacing thousands of outdated routers and switches inside US telecommunication networks, Warner said last week. 

By infiltrating US networks, the Chinese hackers were able to spy on phones belonging to top US officials, including President-elect Donald Trump and his VP JD Vance. In response, the White House convened a meeting last Friday with leaders from the major telecommunication firms to address the ongoing threat. 

In the meantime, T-Mobile’s Simon said on Wednesday: “We do not see these or other attackers in our systems at this time.” In an interview with Bloomberg, he also noted that T-Mobile’s engineers discovered unauthorized users running commands on the company’s network devices, possibly to probe the structure of the carrier’s network. 

“That was what initially clued us into some suspicious behavior, discovery-type commands being run on some of our routers and commands that have been known to be related to Salt Typhoon,” Simon said. 

Meanwhile, AT&T told PCMag last week: “We are working in close coordination with federal law enforcement, industry peers, and cyber security experts to identify and remediate any impact on our networks.”

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio