Lapsus$ Hackers Targeted T-Mobile

The Lapsus$ hacking group stole thousnads of user credentials using T-Mobile’s source code in a series of breaches that took place in March.  T-Mobile have confirmed that the hacking group gained access to their system “several weeks ago.” 

Lapsus$ is known for stealing data and then demanding a ransom not to publish or sell it. Lapsus$ is a cyber crime group that specialises in extortion attacks. It rose to prominence when it launched a ransomware attack against the Brazilian Ministry of Health in 2021, compromising sensitive data for millions of patients such as Covid-19 vaccine status.

T-Mobile stated that it mitigated the breach by terminating the hacking group’s access to the network and disabling the stolen credentials used in the breach.

The telecom company was responding to a report released by journalist Brian Krebs, who was able to access the internal chats from the private Telegram channel of the Lapsus$ members responsible for the attacks. Private chats uncovered by Krebs revealed that the Lapsus$ hacking group get hold of the T-Mobile VPN credentials on illicit platforms, including one known as Russian Market.  

Using these credentials Lapsus$ members can get access to the company’s internal tools like, Atlas an internal T-Mobile tool for managing customer accounts.

According to screenshot messages posted by Krebs, Lapsus$ hackers also attempted to break into the FBI and Department of Defense’s T-Mobile accounts. They were ultimately unable to do so, as additional verification measures were required. 

The attacks carried out by Lapsus$ are not sophisticated, usually initiated by the stolen credentials from underground marketplaces and then an attempt to bypass the multi-factor authentication using social-engineering schemes.

T-Mobile suffered several different data breaches since 2018, exposing the personal data of 23m customers in 2018. In 2019 1.26m prepaid customers were affected by a breach. In Aug 2021 T-Mobile suffered another data breach, where more than 40m customers were hacked and data stolen. Theses account belonged to former or prospective customer who had applied for credit with the company. 

The records of these customers were later put on sale where it became clear that  the breached data included Personal Identifiable Information including US Social Security Numbers, Phone Numbers and Security PINs.

Last month the  City of London police, which has been investigating the Lapsus$ hacking group, said that it has charged two teenagers with cyber offences. A 16-year-old and 17-year-old, who cannot be named for legal reasons,  were charged with unauthorised access to a computer with intent to impair the reliability of data, fraud by false representation and unauthorised access to a computer with intent to hinder access to data.  

Oodaloop:       Threatpost:     Threatpost:     The Verge:    Brian Krebs:      ITPro:     PSBE News Group:   

You Might Also Read: 

LAPSUS$ Hackers Claim Responsibility For Large Scale Corporate Attacks:

 

« Government Cloud On-Ramping
Hackers Are Blasting Facebook Users With Phishing Emails »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

TestingXperts

TestingXperts

TestingXperts is a specialist software QA and testing company.

Optimum Insurance

Optimum Insurance

Optimum's Cyber Risk & Data Protection Insurance policies are designed to protect against cyber exposures that arise when a company’s data and customer information is breached or stolen.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

AcceptLocal

AcceptLocal

AcceptLocal is a payments industry consultancy with expertise in payment processing, payment security, anti-money laundering and fraud prevention.

IBA Security

IBA Security

IBA Security is a center of competence consolidating the cybersecurity expertise of the IBA Group.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

1Touch.io

1Touch.io

1touch.io Inventa is an AI-based, sustainable data discovery and classification platform that provides automated, near real-time discovery, mapping, and cataloging of all sensitive data.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

Intelligent CloudCare

Intelligent CloudCare

Intelligent CloudCare, a division of IPS, is a full IT Services provider serving the needs of SMBs in the metropolitan New York City region.

Moonlock

Moonlock

Cybersecurity tech for humans. At Moonlock, we make software that seamlessly protects you and has your back as you live your life.

Praxis Security Labs

Praxis Security Labs

Praxis Security Labs is a research driven cybersecurity company that helps our customers to reduce risk and improve security.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.

Pulsar Security

Pulsar Security

Pulsar Security is a team of highly skilled, offensive cybersecurity professionals with the industry's most esteemed credentials and advanced real-world experience.