And what else is new?
I work in telcos for some time and I know that everything is hacked one way or the other.
Governa oblige telcos to tap networks, even if unconstitutional, and even the most respectful countries do it, and if you fail to provide what they want, your license is revoked. At least the Chinese and Russians are honest and the rules are clear and written in the law.
This aside you don’t need to be super sufisticated hacker, how many telcos do a proper background checks on their employees? How many actually have some control? Plenty of cases that employees leave the companies and still have valid and valuable information that can be used easily, as for network admins, is common they leave backdoors like vpn themselves, even to do basic stuff like running torrents at nice speeds. Trust me this is way more common than you think! So would be a piece of cake to get someone employed to do this. Telcos are struggling to get people to work, there is a shortage, so they accept anything these days, and there are very commonly brainless people with privilege access, the service delivery teams is the optimum place, little control, highly transactional, large teams and core access to provision new services, that could very well be a vpn somewhere, no one will notice.
Then there are the poor security practices, starting by lazy leadership that are always the first to break the rules. Typical case all employees have a windows laptop with ad and gpos... except all board of directors and senior leadership that want a Mac and the company can’t monitor those devices properly, but who is going to say the boss is stupid and putting the company at risk?
Finally there are all the backdoors and exploits that can be used in endless tons of old and out of support equipment. Telcos have thousands and thousands of devices out there, is impossible to have the resources to efficiently update the devices, not to mention that that requires planned works and sign off from stake holders, customers and whatever more because of the SLAs and the ITIL processes.
All of this to say that hacking telcos, specially the big ones, is a walk in the park and even a regulator requirement, leave the poor Chinese be :)