T-Mobile confirms Lapsus$ infiltrated its systems

The company has played down the importance of the breach

Telecoms giant T-Mobile has confirmed its digital premises were breached by the notorious Lapsus$ hackers, but played down the severity of the incident.

As reported by BleepingComputer, the group of hackers was apparently unable to obtain any valuable data from the incursion.

“Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software,” a T-Mobile spokesperson told the publication.

Stealing source code

T-Mobile went into further detail about precisely what the attackers were able to access and how the company responded.

“The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value,” said the firm.

“Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete.”

However, other sources offer conflicting reports as to the nature of the stolen data.

According to a report from security expert Brian Krebs, based on leaked chat logs allegedly showing a conversation between Lapsus$ members, the group managed to steal proprietary T-Mobile source code. A total of 30,000 source code repositories were taken from T-Mobile’s endpoints, the report claims.

The group is also said to have obtained access to Atlas, a powerful internal T-Mobile tool for managing customer accounts, as well as access to company Slack and Bitbucket accounts.

The motive behind the desire to steal source code is unclear, the report further states, but Krebs suspects that it could be about extortion, or turning a profit on the black market. 

In the past four years, T-Mobile has disclosed a total of seven breaches, including one in which threat actors accessed data belonging to 3% of all of its customers. 

Recently, the company’s customers notified the FBI of “unblockable” SMS phishing attacks, which are linked to one of the earlier breaches.

Via BleepingComputer

By Sead Fadilpašić
