Lapsus$ Hackers Targeted T-Mobile

The Lapsus$ hacking group stole thousnads of user credentials using T-Mobile’s source code in a series of breaches that took place in March.  T-Mobile have confirmed that the hacking group gained access to their system “several weeks ago.” 

Lapsus$ is known for stealing data and then demanding a ransom not to publish or sell it. Lapsus$ is a cyber crime group that specialises in extortion attacks. It rose to prominence when it launched a ransomware attack against the Brazilian Ministry of Health in 2021, compromising sensitive data for millions of patients such as Covid-19 vaccine status.

T-Mobile stated that it mitigated the breach by terminating the hacking group’s access to the network and disabling the stolen credentials used in the breach.

The telecom company was responding to a report released by journalist Brian Krebs, who was able to access the internal chats from the private Telegram channel of the Lapsus$ members responsible for the attacks. Private chats uncovered by Krebs revealed that the Lapsus$ hacking group get hold of the T-Mobile VPN credentials on illicit platforms, including one known as Russian Market.  

Using these credentials Lapsus$ members can get access to the company’s internal tools like, Atlas an internal T-Mobile tool for managing customer accounts.

According to screenshot messages posted by Krebs, Lapsus$ hackers also attempted to break into the FBI and Department of Defense’s T-Mobile accounts. They were ultimately unable to do so, as additional verification measures were required. 

The attacks carried out by Lapsus$ are not sophisticated, usually initiated by the stolen credentials from underground marketplaces and then an attempt to bypass the multi-factor authentication using social-engineering schemes.

T-Mobile suffered several different data breaches since 2018, exposing the personal data of 23m customers in 2018. In 2019 1.26m prepaid customers were affected by a breach. In Aug 2021 T-Mobile suffered another data breach, where more than 40m customers were hacked and data stolen. Theses account belonged to former or prospective customer who had applied for credit with the company. 

The records of these customers were later put on sale where it became clear that  the breached data included Personal Identifiable Information including US Social Security Numbers, Phone Numbers and Security PINs.

Last month the  City of London police, which has been investigating the Lapsus$ hacking group, said that it has charged two teenagers with cyber offences. A 16-year-old and 17-year-old, who cannot be named for legal reasons,  were charged with unauthorised access to a computer with intent to impair the reliability of data, fraud by false representation and unauthorised access to a computer with intent to hinder access to data.  

Oodaloop:       Threatpost:     Threatpost:     The Verge:    Brian Krebs:      ITPro:     PSBE News Group:   

You Might Also Read: 

LAPSUS$ Hackers Claim Responsibility For Large Scale Corporate Attacks:

 

« Government Cloud On-Ramping
Hackers Are Blasting Facebook Users With Phishing Emails »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Teneo

Teneo

Teneo is a Solutions Provider focused on reducing complexity. We combine leading technology with deep expertise to create new ideas on how to simplify IT operations.

Law Enforcement Cyber Center (LECC)

Law Enforcement Cyber Center (LECC)

LECC is designed to assist police, digital forensic investigators, detectives, and prosecutors who are investigating and preventing crimes that involve technology.

ERNW

ERNW

ERNW is an independent IT Security service provider with a focus on consulting and testing in all areas of IT security.

MindPoint Group (MPG)

MindPoint Group (MPG)

MindPoint Group is a specialist Information Security Consulting firm.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

National Cyber Security Center (NCSC) - Hungary

National Cyber Security Center (NCSC) - Hungary

The National Cyber Security Center was established in 2015 by uniting the GovCERT-Hungary, National Electronic Information Security Authority (NEISA) and the Cyber Defence Management Authority (CDMA).

ICT Reverse

ICT Reverse

ICT Reverse is one of the UK’s leading, fully accredited providers of ICT asset disposal and secure data erasure.

Conference Index

Conference Index

Conference Index provides an indexed listing of upcoming meetings, seminars, congresses, workshops, summits and symposiums across a wide range of subjects including Cybersecurity.

Maven Security Consulting

Maven Security Consulting

Maven Security Consulting helps companies secure their information assets and digital infrastructure by providing a wide range of customized consulting and training services.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

BIG Cyber

BIG Cyber

BIG Cyber is a specialized Managed Security Service Provider (MSSP) dedicated to bringing military grade cyber security technology to the gaming industry.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

SOOS

SOOS

SOOS is the easy-to-integrate software security solution for your whole team. Build, catch, and fix vulnerabilities with SOOS Software Composition Analysis.

Birch Cline Cybersecurity

Birch Cline Cybersecurity

Birch Cline specializes in helping Local Government and Education agencies, as well as mid-market organizations, build and maintain successful cybersecurity programs.

WPScan

WPScan

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.