T-Mobile has confirmed being targeted by the Chinese threat group Salt Typhoon (also known as Earth Estries), part of a broader cyber-espionage campaign against U.S. telecom firms, including AT&T and Verizon. The campaign, active since 2020, aims to harvest cellular data from high-value targets and exploit vulnerabilities in telecommunications infrastructure, such as Microsoft Exchange and QConvergeConsole, using advanced tools like Cobalt Strike, TrillClient, and custom backdoors. Attack techniques include credential theft, lateral movement, and data exfiltration via anonymized services, with persistence ensured through scheduled tasks and periodic tool updates. Despite no significant customer data impact reported by T-Mobile, the U.S. government warns of widespread compromises affecting government and political actors, highlighting the threat's strategic sophistication and adaptability.