In an era where digital communications are the lifeblood of business and personal interactions, public telecom networks represent a desirable stratum for threat actors.  

Cyber-criminals and nation-state actors are focusing their attention on telecommunications infrastructure, given the critical nature of these systems and the vast amounts of sensitive data they handle.

In fact, the frequency and sophistication of attacks against telecommunications providers are increasing at alarming levels: BlackBerry thwarted 3.7 million cyber-attacks in 2024, averaging 43,500 attacks per day over three months.

A recent example of a cyberespionage campaign linked to foreign governments includes Salt Typhoon, which successfully targeted national telecom providers and exploited their networks to intercept the communications of political figures in the Trump election campaign.

Said to be lurking in telecoms networks for more than a year, this wasn’t a case of mere data theft. Instead, attackers tapped into real-time data streams, intercepted voice calls and SMS messages, and mined communications metadata to extract intelligence.  

Ultimately, an attack like Salt Typhoon is a warning sign for your organisation. It reveals a level of risk most never intended to take: the risk that secrets that give you a competitive advantage — in the marketplace or on the battlefield — are likely being monitored and could be too easily exposed.

With the threat of cyber espionage growing, prioritisation of end-to-end encryption and secure-by-design technologies will be vital, alongside employee training to strengthen human defences and provide defense in depth.

Collaboration between governments, telecom providers, and organisations will also be critical to share threat intelligence and standardise security protocols.

Achieving enterprise-level security for communications and metadata 

Threat actors are seeking to target vulnerable telecom networks and communications tools to exploit vulnerable infrastructure and access metadata, which reveal critical insights into communication patterns and behaviours.

Specifically, bad actors seek to exploit Call Detail Records (CDRs) or Message Detail Records (MDR) to map out communication patterns—who is talking to whom, at what times, and for how long. This also applies to metadata derived from consumer-grade messaging apps, like WhatsApp and Messenger, which include location, profile, phone numbers, call timings, groups you belong to and more, all of which can be used to add credibility to their campaigns.   

While these messaging apps make real-time communications accessible, connected, and sometimes also encrypted, we cannot forget that these tools were designed for accessibility and low cost. The trade-offs in the authentication/verification of identities and the lack of robust access control can leave sensitive data inherently vulnerable, without enterprise grade compliance controls. 

Access to communication and behaviour patterns can expose organisational workflows, relationships, and provide malicious entities with strategic insight.

Salt Typhoon’s operations underscore these dangers, proving how metadata access can escalate to intercepting live calls, capturing sensitive data, and tailoring further attacks. Their access to call records and communication flows demonstrates how metadata serves as a foundation for more sophisticated breaches and more convincing attacks.  

Providing military-grade protection for global enterprises 

The solution lies in encryption and certified cryptographic authentication, which is crucial for ensuring secure communication channels, protecting your metadata, and preventing identity spoofing, identity fraud, and deepfakes, all with the surety of recognised certifications.  

First, a military-grade system is needed to provide end-to-end encryption for voice calls and messages, enabling secure communication across international networks. This is vital in critical industries like government, healthcare, and financial services to protect calls from foreign networks to standard mobile or VoIP phones.  

Secure communications tools will restrict access within public communications networks – offering end-to-end encryption on voice calls, text messages, and video calls, while preventing unauthorised interception of communications.

To ensure the person you’re talking to is authentic, your secure communications solution should provide cryptographic validation of user identities that can stop identity spoofing attempts and remove the uncertainty of consumer solutions that allow self-registration and do not have any additional verification of identities. 

This will provide staff with direct and secure access to internal applications; while ensuring they can use their smartphones for encrypted contact inside and outside of the network, regardless of location or device.

In addition to investing in robust secure communications solutions, it’s just as important to educate internal teams about the risks associated with public telecom networks, and the appropriate use of personal communication apps at work. As espionage tactics evolve, so must your workforce’s vigilance in protecting sensitive information. 

Looking ahead, the evolving threat landscape makes it clear that relying on the standard security protocols of telecom and communications providers to protect your data is a risky proposition. Salt Typhoon’s breach of nine telecom providers didn’t just expose weak points in infrastructure, it sounded an alarm for governments, organisations and business leaders worldwide. 

Paul Webber Senior Director of Product Management BlackBerry