Lapsus$ Hackers Targeted T-Mobile

The Lapsus$ hacking group stole thousnads of user credentials using T-Mobile’s source code in a series of breaches that took place in March.  T-Mobile have confirmed that the hacking group gained access to their system “several weeks ago.” 

Lapsus$ is known for stealing data and then demanding a ransom not to publish or sell it. Lapsus$ is a cyber crime group that specialises in extortion attacks. It rose to prominence when it launched a ransomware attack against the Brazilian Ministry of Health in 2021, compromising sensitive data for millions of patients such as Covid-19 vaccine status.

T-Mobile stated that it mitigated the breach by terminating the hacking group’s access to the network and disabling the stolen credentials used in the breach.

The telecom company was responding to a report released by journalist Brian Krebs, who was able to access the internal chats from the private Telegram channel of the Lapsus$ members responsible for the attacks. Private chats uncovered by Krebs revealed that the Lapsus$ hacking group get hold of the T-Mobile VPN credentials on illicit platforms, including one known as Russian Market.  

Using these credentials Lapsus$ members can get access to the company’s internal tools like, Atlas an internal T-Mobile tool for managing customer accounts.

According to screenshot messages posted by Krebs, Lapsus$ hackers also attempted to break into the FBI and Department of Defense’s T-Mobile accounts. They were ultimately unable to do so, as additional verification measures were required. 

The attacks carried out by Lapsus$ are not sophisticated, usually initiated by the stolen credentials from underground marketplaces and then an attempt to bypass the multi-factor authentication using social-engineering schemes.

T-Mobile suffered several different data breaches since 2018, exposing the personal data of 23m customers in 2018. In 2019 1.26m prepaid customers were affected by a breach. In Aug 2021 T-Mobile suffered another data breach, where more than 40m customers were hacked and data stolen. Theses account belonged to former or prospective customer who had applied for credit with the company. 

The records of these customers were later put on sale where it became clear that  the breached data included Personal Identifiable Information including US Social Security Numbers, Phone Numbers and Security PINs.

Last month the  City of London police, which has been investigating the Lapsus$ hacking group, said that it has charged two teenagers with cyber offences. A 16-year-old and 17-year-old, who cannot be named for legal reasons,  were charged with unauthorised access to a computer with intent to impair the reliability of data, fraud by false representation and unauthorised access to a computer with intent to hinder access to data.  

Oodaloop:       Threatpost:     Threatpost:     The Verge:    Brian Krebs:      ITPro:     PSBE News Group:   

You Might Also Read: 

LAPSUS$ Hackers Claim Responsibility For Large Scale Corporate Attacks:

 

« Government Cloud On-Ramping
Hackers Are Blasting Facebook Users With Phishing Emails »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Landry & Associates

Landry & Associates

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

Tubitak

Tubitak

Tubitak is the scientific and technological research council of Turkey. Areas of research include information technology and security.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

Independent Security Evaluators (ISE)

Independent Security Evaluators (ISE)

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research.

Fortanix

Fortanix

Fortanix Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats.

Guardian Data Destruction

Guardian Data Destruction

Guardian Data Destruction provides a comprehensive suite of onsite e-data destruction services.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

OurCrowd

OurCrowd

OurCrowd is a leading equity crowdfunding platform for investing in global startups.

OriginalMy

OriginalMy

OriginalMy is a cybersecurity startup, focussed on digital governance and information authentication. Its mission is to prove authenticity using state-of-the-art cryptography and blockchain technology

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

Etisalat and (e&)

Etisalat and (e&)

Etisalat Group is one of the world’s leading telecom groups in emerging markets.

Secure Cyber Defense

Secure Cyber Defense

Secure Cyber Defense provides expert cybersecurity consulting and managed detection and response services to companies, local government, schools and universities.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

Hartman Executive Advisors

Hartman Executive Advisors

Hartman Executive Advisors is an unbiased IT and cyber advisory firm uniquely designed to help mid-market executives maximize their IT investments.

UberEther

UberEther

UberEther are a dedicated group of software developers and consultants developing and deploying the next generation of identity management and cloud solutions.