This interview discusses potential vectors: https://www.cybersecuritydive.com/news/tmobile-salt-typhoon-...