Over the weekend, T-Mobile was in the headlines after reports of a security breach orchestrated by a group of teenagers. T-Mobile has since confirmed the attack and said that the “systems accessed contained no customer or government information or other similarly sensitive information.”
The incident was first reported by Krebs on Security, which revealed that the Lapsus$ hacking group managed to steal T-Mo’s source code in March. The report shared private messages between the seven members of the hacking group as they discussed targeting the Un-carrier. The Verge reported on the arrest of the teenage members shortly after the breach.
As it turns out, the hackers were able to access T-Mo’s internal tools after purchasing the credentials of an employee. They used these credentials to get into T-Mo’s customer management system, Atlas, and perform SIM swaps. This allowed the hackers to gain control over the texts and calls of their victims, including multi-factor authentication messages.
A screenshot in the report also showed that the hackers attempted to get into the T-Mobile accounts of the FBI and Department of Defense. The group was unable to get into these accounts since additional verification measures were needed.
In an email to The Verge, T-Mobile talked about the attack and what the hackers were able to access:
“Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software. Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete.”
Besides T-Mobile, Lapsus$ has targeted companies such as Microsoft, Nvidia, Samsung, Ubisoft, Globant, and Okta.
Source: The Verge