In an era where digital connectivity underpins both personal and business communications, telecom networks have become a prime target for nation-state hackers and advanced persistent threats (APTs). Groups like Salt Typhoon and APT41 are intensifying their efforts, exploiting vulnerabilities in legacy telecom infrastructure to conduct large-scale espionage and data theft.
The recent warnings from the FBI and CISA highlight a growing concern: telecom networks are not just conduits for communication but also repositories of sensitive metadata that can be weaponised. Unlike traditional cyberattacks targeting specific devices, these breaches allow attackers to access vast amounts of data, enabling surveillance, identity spoofing, and even real-time wiretapping.
In this interview, Paul Webber, Senior Director of Product Management at BlackBerry Cyber, sheds light on the escalating threat landscape, why telecom networks are increasingly vulnerable, and what recent high-profile breaches mean for the future of global cybersecurity.
Why are telecom networks increasingly becoming a prime target for nation-state hackers like Salt Typhoon and APT41?
The FBI and CISA’s warning about “broad and significant” espionage campaigns by China solidifies that telecom networks represent a desirable stratum for threat actors to target for years to come.
This shift is driven by the interconnectivity of legacy telecom networks and the troves of data they contain, which make them prime targets for threat actors. By compromising these networks, attackers have access to a more extensive range of targets, bypassing traditional security defences that are device-centric and any need for device-specific malware.
This trend will also likely increase the rate of interception in real-time communications, which puts truly classified information at risk. A prime example of this evolving threat is the recent Salt Typhoon wire-tapping incident, which intercepted court-ordered wiretaps and illustrated how telecom networks are becoming a primary vector for attackers.
An attack like Salt Typhoon offers a stark reminder that public telecom networks are primarily designed around reachability, which means security trade-offs often take place and can leave you inherently vulnerable. No doubt, telco and internet providers globally will be assessing vulnerable entry points and legacy systems comprehensively to boost resilience against espionage efforts.
The recent breaches of T-Mobile and other telecom networks by Salt Typhoon have been described as unprecedented. What makes these incidents “the worst” in history?
In an era where digital communication is the lifeblood of business and personal interactions, these latest security breaches have sent shockwaves through the telecoms industry due to their scale and potential long-lasting impact.
The AT&T security incident exposed the call and text records of around 110 million customers and exposed the potentially sensitive information of “nearly all” customers, including phone numbers of both cellular and landline customers, as well as records of calls and text messages. This leaked data is valuable for threat actors since publicly available tools can be used to link customer names with specific phone numbers, as well as to infer approximate locations.
The reality is this can lead to a host of other malicious activities. When a bad actor gets access to carrier metadata, such as call detail records or message detail records, breaches will increase the risk of identity spoofing that can be used in targeted attacks. With the metadata, bad actors can specifically spoof telecom subscribers with numbers they have already been communicating with.
Metadata can also be used in “wiretapping” type targets, especially metadata generated by communications via “free” apps for voice calls and messaging. This is easily traded, fueling “wire-tapping-as-a-service” markets that are readily available for purchase on the Internet.
Furthermore, this metadata can be used for blackmail. Let’s say the CEO or other high-ranking executive of a company often calls a person or place that could damage their reputation should word get out. For those higher-risk private individuals whose physical safety depends on their communications and location remaining confidential, such as journalists, activists, government workers and domestic abuse survivors, the potential threat may be greater still.
Ultimately, telecoms metadata remains a goldmine for cybercriminals. Even if the contents of calls and texts aren’t leaked, knowledge of the context behind these calls, such as who a person calls, how often and when, can be easily weaponised. Threat actors can figure out approximately where you live, where you work, who you talk to most often, and even if you call any potentially sensitive numbers.
How do these attacks impact national security and critical infrastructure resilience?
Attacks on telecom networks significantly impact national security and critical infrastructure resilience by exploiting their role as the backbone of communication and data exchange. These breaches enable adversaries to intercept sensitive communications, compromise personal and organisational data, and potentially disrupt critical services relied on by governments, defence operations, and critical industries.
Such attacks erode trust, undermine intelligence operations, and expose vulnerabilities that adversaries could exploit in future conflicts. The cascading effects can seriously hinder emergency responses, disrupt economic stability, and jeopardise critical sectors like healthcare, transport, and energy – all of which are dependent on secure connectivity.
Critical infrastructure resilience can, however, be bolstered by the adoption of advanced solutions, including secure communications platforms and AI-driven threat intelligence. These technologies can heighten the strength of telecom networks, ensuring they remain operational and secure against sophisticated threats and safeguarding national interests and public trust.

What should users and businesses know about the risks posed by telecom network breaches?
What we should be vigilant about in the immediate aftermath is how any exposed data can be used to conduct additional attacks. For example, even if the threat actor only obtained call pattern data of customers, this intelligence makes identity spamming a higher risk since bad actors can now specifically spoof subscribers with numbers and named individuals they have been communicating with already.
To combat these threats, cryptographic authentication is critical to securing communication channels, preventing identity fraud, and countering threats like deepfakes, which can easily emerge during massive breaches. A suitably secure system is needed to provide end-to-end encryption for voice calls and messages and enable secure one-to-one and group communication across international networks.
For critical industries like government, healthcare and financial services, protecting calls from foreign networks to standard mobile or VoIP phones is essential in today’s uncertain geopolitical climate. Implementing these measures will significantly strengthen the protection of sensitive information, enhance national security, and help uphold the integrity of democratic processes.
How can public awareness campaigns help mitigate the impact of these threats on individuals and enterprises?
Public awareness campaigns are vital in mitigating the impact of telecom network threats by educating individuals and enterprises about the risks and encouraging proactive security measures. To be effective, these campaigns must provide clear guidance on implementing appropriate security controls and monitoring for applications and infrastructure. Additionally, they should highlight alternative, more secure solutions that can either eliminate these risks entirely or significantly mitigate them.
Public awareness campaigns can empower users to recognise phishing attempts, secure personal devices, and adopt robust password and multi-factor authentication practices. For enterprises, they highlight the importance of implementing comprehensive cybersecurity strategies, regular software updates, and employee training to reduce vulnerabilities.
Awareness is the cornerstone of resilience. Campaigns that truly emphasise the consequences of telecom breaches and provide actionable guidance enable informed decision-making. They also foster collaboration between governments, enterprises, and technology providers to strengthen collective defences. By raising awareness and encouraging greater vigilance, public campaigns help build a culture of security, reducing the likelihood and impact of telecom-related cyberattacks on individuals and businesses alike.
Are there any signs or indicators that users can watch for to identify if their communications may be compromised?
It is not only espionage at the network level that is of concern; mobile spying is on the rise. People should review and reduce what they are sharing on so-called ‘free’ messaging apps like WhatsApp. The perceived security of popular communication apps like these will face growing scrutiny as their vulnerabilities become more apparent from recent threat incidents, with many more likely in 2025 and beyond.
There are several signs that users can watch out for, which indicate potential compromise or interception of their communications. Unusual activity, like unsolicited or spurious messages from unknown contacts or warnings of suspected unauthorised access to accounts, can indicate a breach or illicit use of credentials.
We stress the importance of using secure communication platforms with strong encryption to safeguard against interception. Users should always verify the authenticity of messages, employ multi-factor authentication, and ensure that software and security patches are regularly updated to defend against vulnerabilities in communication systems.
What should users and businesses know about the risks posed by telecom network breaches?
What we should be vigilant about in the immediate aftermath is how any exposed data, if there is any in this case, can be used to conduct additional attacks. For example, even if the threat actor only obtained call pattern data of customers, this intelligence makes identity spamming a higher risk since bad actors can now specifically spoof subscribers with numbers they have been communicating with already.
To combat these threats, cryptographic authentication is critical to securing communication channels, preventing identity fraud, and countering threats like deepfakes, which can easily emerge during massive breaches. A military-grade secure system is needed to provide end-to-end encryption for voice calls and messages and enable secure one-to-one and group communication across international networks.
How can public awareness campaigns help mitigate the impact of these threats on individuals and enterprises?
Public awareness campaigns are vital in mitigating the impact of telecom network threats by educating individuals and enterprises about the risks and encouraging proactive security measures. Campaigns of this kind can empower users to recognise phishing attempts, secure personal devices, and adopt robust password and multi-factor authentication practices. For enterprises, they highlight the importance of implementing comprehensive cybersecurity strategies, regular software updates, and employee training to reduce vulnerabilities.
Are there any signs or indicators that users can watch for to identify if their communications may be compromised?
It is not only espionage at the network level that is of concern; mobile spying is on the rise. People should think twice about what they are sharing on so-called ‘free’ messaging apps like WhatsApp and Signal. The perceived security of popular communication apps like these will face growing scrutiny as their vulnerabilities become more apparent in 2025.
There are several signs that users can watch out for, which indicate potential compromise of their communications. Unusual activity, like delayed message delivery, erratic system performance, or unauthorised access to accounts, can indicate a breach. Devices that suddenly overheat, experience faster battery drain, or exhibit unusual connectivity behaviour may also be compromised. Users should be aware of any alerts they receive about unrecognised login attempts from unfamiliar locations or devices, as it may signal that someone is attempting unauthorised access. An increase in phishing attempts or suspicious messages pretending to be from trusted sources is another red flag that users should be aware of.