Breaking News

Lapsus$ hackers breached T-Mobile's systems and stole its source code

Lapsus$ hackers breached T-Mobile's systems and stole its source code

The Lapsus$ hacking group stole T-Mobile's source code in a series of breaches that occurred in March, as first reported by Krebs on Security. T-Mobile confirmed the attack in a statement to The Verge, adding that "the accessed systems did not contain any customer or government information or other similar sensitive information."

In copies of private messages obtained by Krebs, the Lapsus$ hacking group discussed targeting T-Mobile in the week before the arrest of seven of its juvenile members. After purchasing employee credentials online, members can use the company's internal tools – such as Atlas, T-Mobile's customer management system – to swap SIMs. This type of attack involves hijacking the target's mobile phone number by transferring it to a device owned by the attacker. From there, the attacker can receive texts or calls received by that person's phone number, including any messages sent for multi-factor authentication.

According to screenshot messages posted by Krebs, the Lapsus$ hackers also attempted to break into T-Mobile accounts of the FBI and Department of Defense. They were ultimately unable to do so, as additional verification measures were needed.

"Several weeks ago, our surveillance tools detected a bad actor using stolen credentials to access internal systems," T-Mobile said in an emailed statement to The Verge. "Our systems and processes worked as designed, intrusions were rapidly detected and stopped, and the compromised credentials used became obsolete."

T-Mobile has been the victim of several attacks over the years. Although this particular hack did not affect customer data, previous incidents did. In August 2021, a breach exposed personal information belonging to more than 47 million customers, while another attack just months later compromised a "small number" of customer accounts.

Lapsus$ has made a name for itself as a hacking group that primarily targets the source code of large technology companies such as Microsoft, Samsung and Nvidia. The group, which is reportedly led by a teen mastermind, has also targeted Ubisoft, Apple Health partner Globant and certification company Okta.

No comments