{"id":57815,"date":"2024-12-05T01:36:40","date_gmt":"2024-12-05T01:36:40","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/"},"modified":"2024-12-05T01:36:40","modified_gmt":"2024-12-05T01:36:40","slug":"t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/","title":{"rendered":"T-Mobile US CSO: Spies jumped from one telco to another in a way &#8216;I&#8217;ve not seen in my career&#8217;"},"content":{"rendered":"<p><span class=\"label\">interview<\/span> While Chinese-government-backed spies maintained access to US telecommunications providers&#8217; networks for months \u2013 and in some cases still haven&#8217;t been booted out \u2013 T-Mobile US thwarted successful attacks on its systems &#8220;within a single-digit number of days,&#8221; according to the carrier&#8217;s security boss Jeff Simon.<\/p>\n<p>T-Mo&#8217;s CSO, in an interview with <em>The Register<\/em> Wednesday, declined to make public the exact timeline of the intrusion attempts by the Beijing-run crew. &#8220;They were active for a single-digit number of days, and it was within the last couple of months,&#8221; was all he would reveal.<\/p>\n<p>Simon spoke with <em>El Reg<\/em> a day after FBI and CISA officials briefed reporters on the <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/11\/14\/salt_typhoon_hacked_multiple_telecom\/\" rel=\"noopener\">massive<\/a> cyber-espionage campaign, during which China-affiliated snoops successfully broke into several US telecom companies&#8217; networks, <a href=\"https:\/\/www.theregister.com\/2024\/10\/11\/us_lawmakers_salt_typhoon\/\">compromised<\/a> wiretapping systems used by law enforcement, and used that access to <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/11\/25\/salt_typhoon_mark_warner_warning\/\" rel=\"noopener\">steal<\/a> customers&#8217; call records and metadata.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>A Chinese government-linked group dubbed Salt Typhoon is believed to be behind the attacks. It&#8217;s <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/10\/07\/verizon_att_lumen_salt_typhoon\/\" rel=\"noopener\">understood<\/a> Verizon, AT&amp;T, and Lumen Technologies, at least, were hit by the crew.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>While the Feds confirmed during their Tuesday briefing that the Chinese intruders didn&#8217;t use any zero-day exploits or &#8220;novel techniques&#8221; to gain access to the networks, Simon told us the way the cyber-spies tried, ultimately unsuccessfully, to break into T-Mobile US was unique.<\/p>\n<blockquote class=\"pullquote\" readability=\"5\">\n<p>That&#8217;s not something that I&#8217;ve seen in my 15-plus-year career in cybersecurity<\/p>\n<\/blockquote>\n<p>Late last week, Simon <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/11\/27\/tmobile_cyberattack_victory_lap\/\" rel=\"noopener\">disclosed<\/a> that whoever was trying to access T-Mobile US&#8217;s inner systems compromised an unnamed wireline provider&#8217;s network that was connected to T-Mo, and used this access for multiple infiltration attempts that we&#8217;re told were ultimately blocked. He won&#8217;t name the third-party carrier.&nbsp;<\/p>\n<p>&#8220;But the technique that was used to go from one telecommunications infrastructure to another, I would say, is novel,&#8221; Simon told us. &#8220;That&#8217;s not something that I&#8217;ve seen in my 15-plus-year career in cyber security. It&#8217;s not something that is well published or read about. There&#8217;s no CVE for it.&#8221;<\/p>\n<p>The FBI began investigating security breaches at US telecommunications providers in late spring and early summer. &#8220;We cannot say with certainty that the adversary has been evicted, because we still don&#8217;t know the scope of what they&#8217;re doing,&#8221; Jeff Greene, CISA&#8217;s executive assistant director for cyber security, told journos on Tuesday.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;We see ourselves as a bit of an outlier here versus what&#8217;s been reported about the other telecoms,&#8221; Simon told <em>The Register<\/em>, adding that the would-be intruders <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/11\/18\/tmobile_us_attack_salt_typhoon\/\" rel=\"noopener\">did not access<\/a> any sensitive customer data such as calls, voicemails, and texts, nor did they disrupt any T-Mo services.&nbsp;<\/p>\n<div class=\"boxout\" readability=\"26\">\n<p><em><strong>In a briefing with media on Wednesday&#8230;<\/strong><\/em> Senior White House officials said eight telecoms providers in America have been hit by Salt Typhoon one way or another, as well as organizations in &#8220;dozens of countries around the world.&#8221;<\/p>\n<p>\u201cWe believe this is a Chinese espionage program focused, again, on key government officials, and corporate intellectual property,&#8221; said Anne Neuberger, the US deputy national security adviser for cyber and emerging technologies.<\/p>\n<p>The spying has been ongoing for one or two years, officials said, and has hit networks in Europe, the Indo-Pacific region, and beyond.<\/p>\n<\/div>\n<p>T-Mobile US began hunting for Salt Typhoon in early summer, upon hearing reports from law enforcement and other operators about a &#8220;large, coordinated attack on telecommunications infrastructure,&#8221; Simon recalled.&nbsp;<\/p>\n<p>However, the un-carrier &#8220;saw no signs of the behavior indicative of the actor, Salt Typhoon, for many months,&#8221; he added. &#8220;It was only recently when we started to see a small bit of behavior that perhaps is consistent.&#8221;<\/p>\n<p>This included &#8220;reconnaissance-type behavior,&#8221; but Simon couldn&#8217;t definitely attribute the attempted snooping to Salt Typhoon. &#8220;We have no clue who was on the other side of that keyboard.&#8221;<\/p>\n<p>We understand miscreants managed to get into some edge network infrastructure devices including a T-Mo-operated router, but got no further as they were stopped there; as above, they <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.t-mobile.com\/news\/un-carrier\/update-cyberattacks-targeting-us-wireless-companies\">weren&#8217;t able<\/a> to get to customer information or services, we&#8217;re told.<\/p>\n<blockquote class=\"pullquote\" readability=\"7\">\n<p>We cannot say with certainty that the adversary has been evicted, because we still don&#8217;t know the scope of what they&#8217;re doing<\/p>\n<\/blockquote>\n<p>At this point, he&#8217;s confident whoever the intruders may be, they remain outside T-Mo&#8217;s systems: &#8220;The short answer is yes,&#8221; Simon declared.<\/p>\n<p>&#8220;We have confidence because we&#8217;re able to trace back the activity with a high degree of detail because it was such a short period,&#8221; the CSO told us. &#8220;We can go through every command that was run and look to see, hey, were they trying to establish secondary access points here? Where did they move, every device that they touched.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Simon declined to say how many of the carrier&#8217;s devices were accessed, only that &#8220;it is less than one percent of our telecommunications infrastructure.&#8221;<\/p>\n<p>Upon spotting the strange activity, T-Mobile US contacted the Feds and fellow telecom operators to share what it saw and hopefully help mitigate the snooping behavior.&nbsp;<\/p>\n<p>Simon credits T-Mo&#8217;s layered defense with stopping any espionage attempts targeting his customers and systems.<\/p>\n<p>&#8220;The idea of this really is that against a sophisticated adversary \u2013 someone of the level of Salt Typhoon \u2013 it&#8217;s unlikely that we&#8217;re going to pitch a perfect game. They have extremely sophisticated capabilities, zero-day vulnerabilities that we don&#8217;t even know exist, and you&#8217;re going to have a situation where they have some level of success. We design our controls to assume that&#8217;s going to happen. And when they have success, we want to contain them, and we want to force them to have the hardest time possible.&#8221;<\/p>\n<blockquote class=\"pullquote\" readability=\"6\">\n<p>You&#8217;re going to have a situation where they have some level of success. We design our controls to assume that&#8217;s going to happen<\/p>\n<\/blockquote>\n<p>This includes implementing FIDO2 authentication for all T-Mo employees \u2013 &#8220;and it makes credential theft from our workforce extremely difficult,&#8221; Simon noted.&nbsp;<\/p>\n<p>In the case of credentials where FIDO2 can&#8217;t be deployed, T-Mobile US rotates the credentials &#8220;extremely regularly, and we see this directly impacting the attacker,&#8221; Simon told <em>The Reg<\/em>. &#8220;When they get into our environment, they struggle to get credentials. When they get them, we change the credentials on them very quickly, and that slows down their activity.&#8221;<\/p>\n<p>Plus, there&#8217;s the fact that T-Mobile US is a wireless-only carrier, so it doesn&#8217;t have the added burden of wireline networks and legacy technology that many network operators have to manage.<\/p>\n<h3 class=\"crosshead\">PS: Use encryption<\/h3>\n<p>Meanwhile, as other network operators struggle to mitigate the damage caused by Salt Typhoon and implement <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/enhanced-visibility-and-hardening-guidance-communications-infrastructure\">hardening guidance<\/a> issued yesterday by the Feds and international friends, US officials urged folks to use strongly encrypted messaging and communications whenever possible to protect information from theft-in-transit and surveillance.<\/p>\n<p>&#8220;Encryption is your friend \u2013 whether it is on text messaging or if you have the capacity to use encrypted voice communications,&#8221; CISA&#8217;s Greene said. &#8220;Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible, if not really hard, for them to detect it. So, our advice is to try to avoid using plain text.&#8221;<\/p>\n<p>We agree, Uncle Sam. We agree. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/12\/05\/tmobile_cso_telecom_attack\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security chief talks to El Reg as Feds urge everyone to use encrypted chat interview\u00a0 While Chinese-government-backed spies maintained access to US telecommunications providers&#8217; networks for months \u2013 and in some cases still haven&#8217;t been booted out \u2013 T-Mobile US thwarted successful attacks on its systems &#8220;within a single-digit number of days,&#8221; according to the carrier&#8217;s security boss Jeff Simon.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-57815","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>T-Mobile US CSO: Spies jumped from one telco to another in a way &#039;I&#039;ve not seen in my career&#039; 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"T-Mobile US CSO: Spies jumped from one telco to another in a way &#039;I&#039;ve not seen in my career&#039; 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-05T01:36:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"T-Mobile US CSO: Spies jumped from one telco to another in a way &#8216;I&#8217;ve not seen in my career&#8217;\",\"datePublished\":\"2024-12-05T01:36:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/\"},\"wordCount\":1222,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/\",\"name\":\"T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-12-05T01:36:40+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"T-Mobile US CSO: Spies jumped from one telco to another in a way &#8216;I&#8217;ve not seen in my career&#8217;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/","og_locale":"en_US","og_type":"article","og_title":"T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-12-05T01:36:40+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"T-Mobile US CSO: Spies jumped from one telco to another in a way &#8216;I&#8217;ve not seen in my career&#8217;","datePublished":"2024-12-05T01:36:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/"},"wordCount":1222,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/","url":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/","name":"T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-12-05T01:36:40+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1EHZe3YiF9DonCTha9IZwAAAQI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/t-mobile-us-cso-spies-jumped-from-one-telco-to-another-in-a-way-ive-not-seen-in-my-career\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"T-Mobile US CSO: Spies jumped from one telco to another in a way &#8216;I&#8217;ve not seen in my career&#8217;"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57815"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57815\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}