News
Mar 11, 2025

The telecom industry's growing exposure to third-party cyber risks: what you need to know

Third-party cyber risks are a growing concern for most businesses, as attackers show time and again that they have learned how to find a path to corporate networks or corporate data after compromising a vendor. There are few industries more uniquely exposed to this type of threat than telecoms.

A recent example can be found in the Salt Typhoon incidents that hit U.S. telcos in 2024. In their official page about the incident, T-Mobile states that the attempts to infiltrate their systems came from a wireline provider's network. While there aren't many details about the other victims, it wouldn't be surprising if the attacks also originated from vendors or providers they directly connect to.

Salt Typhoon is believed to be a nation-state actor, which means they have the luxury of being patient and thorough. They are also much more likely to choose their targets according to strategic goals instead of financial gain.

The fact that telecom service providers have strategic value for sophisticated attackers is the first reason why businesses in this space are more exposed to third-party risk. A dedicated adversary searching for a way into a specific target is more likely to look for vulnerabilities or advantages that can be gained from hitting their partners and services they use first.

Unfortunately, it is not the only reason.

A critical infrastructure on multiple fronts

People have integrated the internet deeply into their daily lives and tasks, to the point where most countries could no longer function properly without it. Therefore, telecom providers are a critical third party to a large majority of citizens and businesses of a nation.

This is part of the reason why they have strategic value to nation-state actors, of course, but we must also consider the many ways in which their role can be exploited by other attackers.

Recent wiretap hacks in the United States were meant to gather intelligence on a small number of customers from each telecom provider. Since politicians and prominent executives are certainly among their customers, it's easy to see why this is an attractive approach for a malicious actor.

While this is already concerning, many would also suffer greatly from service disruptions. If multiple services (like voice and data) were to become unavailable at the same time, modern businesses would grind to a halt.

That is why telecom providers have been frequent victims in the Russo-Ukrainian war. A recent incident from 2025 involved Rostelecom, which announced an investigation after a hacking group allegedly released the company's data, while Nodex, another provider, suffered a destructive attack. Ukrainian telecom providers have been hit by similar attacks over the years.

In other words, telecom providers become targets because they:

  • Hold valuable data about individuals and businesses, which can be useful to attackers
  • Tend to be large companies with resources that can be exploited for other gains or operations (such as hiding the source of further cyberattacks)
  • They maintain a service that must be reliable for society to function.

Despite this, telecom providers aren't monoliths. They are part of an ecosystem.

Many pieces and third parties

From billing to cables to routers, to customer experience and support, telecom providers need to acquire software and hardware from several different vendors to power their operations.

Maintaining this infrastructure also involves a significant amount of labor, which can be outsourced or carried out via partnerships with equipment vendors and their network of authorized service providers. Sometimes, outsourcing is required to effectively manage seasonal demand or scale operations during emergencies.

Many customers are also enticed by value-added bundles. This often allows telecom providers to avoid providing a service that is seen as a commodity. These additional features or packages usually require some form of data sharing, API access, or other integrations. 

Whenever possible, partners should be covered by a third-party cyber risk management (TPCRM) program to avoid reputational and legal risks — whether these risks arise from commercial arrangements or operational needs.

Connectivity is not optional

Most businesses can choose to have limited exposure to external entities. Telecom providers, however, must by definition allow their networks to be connected to others. As a rule, telecom operators must make peering agreements or buy traffic from upstream providers to deliver the services that customers expect.

There are several instances where this has been shown to be problematic. Networking protocols sometimes assume that all parties are trustworthy, but that's not always true. Not only are there situations where companies go "rogue," but networks compromised by cyberattacks can be exploited in unexpected ways.

Sometimes, the issues are present due to shortcomings in the protocol design or unforeseen scenarios resulting from service extensions. For example, voice over IP services have been linked to incidents that defeated multi-factor authentication through caller ID spoofing.

The same has been true when it comes to SS7 attacks. Thanks to rogue and compromised networks, vulnerabilities in the protocol have forced telecom providers to implement mitigation or workarounds.

The Border Gateway Protocol (BGP) has also been at the core of suspicious events. A BGP configuration leak routed European mobile traffic through China Telecom in 2019, among other examples. In 2024, the White House kickstarted an effort to try to fix BGP.

The bottom line

Besides being a complex sector, telecommunication is attracting sophisticated attackers who are willing to scour every nook and cranny of their target's attack surface — including third parties, vendors, employees, and more. Unmanaged risks can be very damaging because customers rarely differentiate between incidents that take place at a third party and the provider that they use.

Although telecom providers are facing unique challenges, they're not the only ones that need a third-party cyber risk management program. As such, there are third-party cyber risk management solutions that can be used to streamline the task for all kinds of businesses. Once you understand the challenges, it will be easier to understand the value of TPCRM and how to build or improve your processes to mitigate third-party risk.

Share
Latest Posts
Key trends for third-party cyber risk management in 2025
Read more
Looking back at third-party breaches and vendor cybersecurity incidents in 2024
Read more
Going hands-on with third-party collaboration for cybersecurity
Read more