Lapsus$ Hackers Stole T-Mobile’s Source Code and Systems Data

T-Mobile has acknowledged the breach which occurred before police arrested some of the Lapsus$ members last month.

The infamous Lapsus$ hacking group managed to steal T-Mobile’s source code in March 2022, days before the group’s prolific members got arrested in the same month. Lapsus$ hackers carried out a series of breaches in March, reported by Krebs on Security’s Brian Krebs. T-Mobile also confirmed the attack on The Verge.

Lapsus$ is a notorious group of teen hackers that mainly hunts for the source code of high-profile and large tech firms like Samsung, Microsoft, and Nvidia. The group has previously targeted Globant, Okta, and Ubisoft.

In its latest breach against T-Mobile, the Lapsus$ group has reportedly downloaded over 30,000 source code repositories of the carrier.

LAPSUS$ hackers inside T-Mobile’s source code repository at Bitbucket (Image credit: Brian Krebs)

How Did the Attack Occur?

Speaking to Brian Krebs, T-Mobile stated that their monitoring tools detected an unauthorized individual trying to access its internal systems using stolen credentials. Reportedly, Lapsus$ hackers managed to buy stolen T-Mobile credentials from dedicated marketplaces like Russian Market and several others.

According to the telecom giant, the hackers also used the carrier’s employees’ credentials and internal devices such as its CMS or Atlas systems that could be used to conduct SIM swaps attacks.

“Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software. Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete.”

T-Mobile

Furthermore, the attackers used the access to hack into T-Mobile’s accounts linked with the Department of Defense and the FBI. Still, they weren’t successful because of additional verification measures required to access these accounts.

T-Mobile confirmed that the systems Lapsus$ hackers accessed didn’t contain customer data or government information, or other sensitive information.

LAPSUS$ hackers digging into Department of Defense in T-Mobile’s internal Atlas system (Image credit: Brian Krebs)

What is SIM Swapping?

For your information, SIM swapping is also known as SIM Hijacking. It is a kind of identity theft in which an attacker manages to create a new SIM card of any number fraudulently and use it for personal gains, without the knowledge or consent of the original user of the phone number.

To get the duplicate SIM card, the attacker usually calls the telecom firm and convinces their customer support service for being the actual owner of the phone number by providing the target’s personal information. Thus, the telecom firm ports the phone number to a new SIM card that is received by the attacker.

It is due to SIM Swapping attacks users including celebrities and top executives have lost millions of dollars to cybercriminals in the last few years.

It rains data breaches at T-Mobile

It is worth noting that T-Mobile has more than 104 million subscribers yet its security measures are highly dubious. In 2021 alone, the company suffered two successful data breaches (1 and 2) in which millions of its customers’ data was stolen and sold on hacking forums.

The hacker who claimed responsibility for one of the attacks called the carrier’s security “awful.” From 2015 to 2021, T-Mobile has made headlines for several other security-related incidents including exposure of customers’ data, a security vulnerability that allowed mass hijacking of customers’ accounts,

In December 2021, the telecom giant was in news again after it announced yet another data breach that exposed users to SIM swapping attacks. The list goes on…

More Telecom Data Breaches

1. Spanish telecom giant MasMovil hit by Revil ransomware gang
2. Telecom giant behind routing SMS discloses 5-year-long data breach
3. Ukrainian Hacker Hacks Polish Telecom Giant Netia; Leaks Massive Data
4. Hacker extracts customer data from Canadian Telecom Firm after rebuttal
5. Croatian Police arrests minor over A1 Telecom data breach & ransom demand