T-Mobile Breach: LAPSUS$ was Able to Access Source Code

The Lapsus$ extortion gang is one of the more active hacking groups in 2022. Despite previous arrests, the group has not stopped its rampage across the web.

The group has now added T-Mobile to its list of hacked companies.

A recent report from TechCrunch mentioned that the extortion group successfully hacked T-Mobile's servers, gaining information that could negatively affect the company and its customers.

T-Mobile is the seventh company the extortion gang attacked in the past four years following the data breach on software consultancy giant Globant on March 31.

T-Mobile Data Breach Details

According to TechCrunch's report, Brian Krebs of Krebs on Security first discovered and revealed the security incident after obtaining a week's worth of private chat messages between the extortion group's core members in a private Telegram channel.

The members of the extortion group sent the messages during the week before the arrests of the gang's most active members in March, which included a 16-year-old boy with autism who was said to be the group's leader.

The hackers were said to have gained access to T-Mobile's servers by compromising employee accounts, either by buying leaked credentials or through social engineering. The credentials the Lapsus$ hackers acquired gave them access to the company's internal tools used for managing customers' accounts, including Atlas. They then attempted to find T-Mobile accounts associated with people in the FBI and Department of Defense but were blocked by the additional checks placed on these accounts.

However, because the hackers were able to access T-Mobile's internal tools, the group could reassign someone's mobile phone number to a device they controlled. This modus operandi, more commonly known as "SIM swapping," allows an attacker to intercept a target's text messages and phone calls, including links sent through SMS for password resets or one-time codes sent for multi-factor authentication, per Krebs on Security.

The hackers were also able to steal at least some of the company's proprietary source code, which consists of more than 30,000 source code repositories.

T-Mobile's Response

Although it has not responded to multiple requests for comment, T-Mobile assured news outlets that "no customer or government information" was accessed during the incident.

"Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software," T-Mobile said in its statement. "The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value."

T-Mobile also added that its systems and processes worked as designed, with the intrusion "rapidly shut down and closed off." The company also rendered the compromised credentials used by the hackers obsolete, making it harder for Lapsus$ to get in the same way again.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
