
In an era where digital communications are the lifeblood of business and personal interactions, public telecom networks are an attractive target for threat actors.
Cybercriminals and nation-state actors are focusing their attention on telecommunications infrastructure, given the critical nature of these systems and the vast amounts of sensitive data they handle. In fact, the frequency and sophistication of attacks against telecommunications providers are increasing at alarming levels: BlackBerry thwarted 3.7 million cyberattacks over three months in 2024, an average of 43,500 attacks per day.
On top of this, attackers are rapidly employing more advanced tactics. A recent example includes a new telecoms threat carried out by APT41, a Chinese cyber-espionage group that targeted messaging apps such as WhatsApp. Uncovered by the BlackBerry Research and Intelligence Team, this campaign revealed an expanded toolset called DeepData, a modular, Windows-based surveillance framework that significantly enhances espionage capabilities.
Another recent example of a cyberespionage campaign linked to foreign governments includes Salt Typhoon, which successfully targeted national telecom providers and exploited their networks to intercept the communications of political figures in the Trump election campaign. Said to be lurking in telecoms networks for more than a year, this wasn’t a case of mere data theft. Instead, attackers tapped into real-time data streams, intercepted voice calls and SMS messages, and mined communications metadata to extract intelligence.
Ultimately, an attack like Salt Typhoon is a warning sign for your organisation. It reveals a level of risk most never intended to take: the risk that secrets that give you a competitive advantage — in the marketplace or on the battlefield — are likely being monitored and could be too easily exposed.
With the threat of cyber espionage growing, prioritization of end-to-end encryption and secure-by-design technologies will be vital, alongside employee training to strengthen human defences and provide defense in depth. Collaboration between governments, telecom providers, and organisations will also be critical to share threat intelligence and standardise security protocols. First of all, let’s delve into the growing goldmine for threat actors: Telecoms metadata.
Achieving enterprise-level security for communications and metadata
Threat actors target telecom networks and communications tools in order to exploit weak infrastructure and gain access to metadata, which reveals critical insights into communication patterns and behaviours.
Specifically, bad actors seek to exploit Call Detail Records (CDRs) or Message Detail Records (MDRs) to map out communication patterns: who is talking to whom, at what times, and for how long. This also applies to metadata derived from consumer-grade messaging apps, like WhatsApp and Messenger, which includes location, profile, phone numbers, call timings, the groups you belong to and more, all of which malicious actors can use to better target their campaigns and make them more credible.
While these messaging apps make real-time communications accessible, connected, and sometimes also encrypted, we cannot forget that these tools were designed for accessibility and low cost. The trade-offs in the authentication and verification of identities, and the lack of robust access control, can leave sensitive data inherently vulnerable, without enterprise-grade compliance controls.
Access to communication and behaviour patterns can expose organisational workflows and relationships, and provide malicious entities with strategic insight. For example, if a government leader communicates repeatedly with a particular advisor at specific or unusual times, it may signal a high-stakes decision or sensitive planning, and it reveals who they were collaborating with.
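To make the point concrete, the following is an added example (not code from the original article or from BlackBerry) that runs a small constructed CDR extract through the kind of aggregation described above, and then shows a defensive counterpart: a minimised export with keyed pseudonyms and date-only timestamps. The CSV layout, the 07:00 to 21:00 working window and the HMAC key are assumptions made for the example.

```python
import csv
import hashlib
import hmac
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed CDR extract (not real data): caller, callee, start time (UTC), duration.
# The column layout is an assumption for this example, not any carrier's real format.
SAMPLE_CDRS = """\
caller,callee,start,duration_s
+15550100,+15550200,2024-03-04T09:15:00,420
+15550100,+15550200,2024-03-05T23:40:00,1800
+15550100,+15550300,2024-03-05T10:05:00,60
+15550100,+15550200,2024-03-06T02:10:00,2400
+15550300,+15550400,2024-03-06T11:00:00,300
+15550100,+15550200,2024-03-07T23:55:00,900
"""

def is_off_hours(ts: datetime) -> bool:
    """Assumed working window: anything before 07:00 or from 21:00 counts as off-hours."""
    return ts.hour < 7 or ts.hour >= 21

def relationship_profile(cdr_text: str) -> dict:
    """What CDR access reveals without hearing a single call:
    {(caller, callee): {"calls": n, "seconds": total, "off_hours": n_unusual}}."""
    profile = defaultdict(lambda: {"calls": 0, "seconds": 0, "off_hours": 0})
    for row in csv.DictReader(StringIO(cdr_text)):
        stats = profile[(row["caller"], row["callee"])]
        stats["calls"] += 1
        stats["seconds"] += int(row["duration_s"])
        if is_off_hours(datetime.fromisoformat(row["start"])):
            stats["off_hours"] += 1
    return dict(profile)

def strongest_tie(profile: dict) -> tuple:
    """The most-contacted pair: the 'leader and advisor' relationship the article describes."""
    return max(profile, key=lambda pair: profile[pair]["calls"])

def minimised_export(cdr_text: str, key: bytes = b"constructed-demo-key") -> list:
    """Defensive counterpart: a billing-grade export with keyed pseudonyms (HMAC, key held
    outside the CDR store) and date-only timestamps, so a leaked copy no longer shows
    who called whom at 02:10. Returns [(caller_pseudonym, callee_pseudonym, date, seconds)]."""
    def pseud(number: str) -> str:
        return hmac.new(key, number.encode(), hashlib.sha256).hexdigest()[:12]
    return [(pseud(r["caller"]), pseud(r["callee"]), r["start"][:10], int(r["duration_s"]))
            for r in csv.DictReader(StringIO(cdr_text))]
```

The pseudonymised export still supports per-party billing and volume reporting, but the relationship and timing signal that makes raw CDRs valuable to an intruder is removed from the copy that is most likely to leak.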
Salt Typhoon’s operations underscore these dangers, proving how metadata access can escalate to intercepting live calls, capturing sensitive data, and tailoring further attacks. Their access to call records and communication flows demonstrates how metadata serves as a foundation for more sophisticated breaches and more convincing attacks.
In addition to the intelligence value of the call patterns, a breach like this increases the risk of identity spoofing, deepfake voice creation, CEO fraud or other social engineering schemes that can be used in targeted attacks. With the metadata, malicious actors can now specifically spoof individuals with added detail including the numbers, names and timings/locations of collaborators they have been communicating with in the past.
Finally, metadata can also be used for wiretapping-style targeting, especially metadata generated by communications over "free" voice-call and messaging apps. Such metadata is easily traded, fuelling "wiretapping-as-a-service" markets that are readily available for purchase on the internet.
While it’s clear that organisations must enhance mobile and communications security, where should IT leaders get started?
Providing military-grade protection for global enterprises
The solution lies in encryption and certified cryptographic authentication, which is crucial for ensuring secure communication channels, protecting your metadata, and preventing identity spoofing, identity fraud, and deepfakes, all with the surety of recognized certifications.
First, a military-grade system is needed to provide end-to-end encryption for voice calls and messages, enabling secure communication across international networks. This is vital in critical industries like government, healthcare, and financial services to protect calls from foreign networks to standard mobile or VoIP phones.
Secure communications tools restrict what can be observed on public communications networks, offering end-to-end encryption for voice calls, text messages, and video calls while preventing unauthorised interception of communications. To ensure the person you're talking to is authentic, your secure communications solution should provide cryptographic validation of user identities that can stop identity spoofing attempts and remove the uncertainty of consumer solutions that allow self-registration without any additional verification of identity.
This gives staff direct and secure access to internal applications, while ensuring they can use their smartphones for encrypted contact inside and outside of the network, regardless of location or device. With a secure communications platform, all this can be achieved without compromising sensitive data or disrupting workflow.
In addition to investing in robust secure communications solutions, it’s just as important to educate internal teams about the risks associated with public telecom networks, and the appropriate use of personal communication apps at work. As espionage tactics evolve, so must your workforce’s vigilance in protecting sensitive information.
Looking ahead, the evolving threat landscape makes it clear that relying on the standard security protocols of telecom and communications providers to protect your data is a risky proposition. Salt Typhoon’s breach of nine telecom providers didn’t just expose weak points in infrastructure, it sounded an alarm for governments, organisations and business leaders worldwide.
Securing communications isn’t merely a nice-to-have; it’s vital to protect sensitive information, safeguard businesses, and maintain national security. With the stakes so high, any solution you consider should provide end-to-end encryption for voice calls and messages and enable secure one-to-one and group communication across international networks. This will not only reduce the attack surface but also give businesses and their employees the confidence to operate as usual knowing their sensitive data and communications are protected.