Lapsus$ Hackers Targeted T-Mobile

The Lapsus$ hacking group stole thousands of user credentials using T-Mobile’s source code in a series of breaches that took place in March. T-Mobile has confirmed that the hacking group gained access to its systems “several weeks ago.”

Lapsus$ is a cyber crime group that specialises in extortion attacks: it is known for stealing data and then demanding a ransom not to publish or sell it. It rose to prominence when it launched a ransomware attack against the Brazilian Ministry of Health in 2021, compromising sensitive data for millions of patients, such as Covid-19 vaccine status.

T-Mobile stated that it mitigated the breach by terminating the hacking group’s access to the network and disabling the stolen credentials used in the breach.

The telecom company was responding to a report released by journalist Brian Krebs, who was able to access the internal chats from the private Telegram channel of the Lapsus$ members responsible for the attacks. Private chats uncovered by Krebs revealed that the Lapsus$ hacking group got hold of T-Mobile VPN credentials on illicit platforms, including one known as Russian Market.

Using these credentials, Lapsus$ members could gain access to the company’s internal tools, such as Atlas, an internal T-Mobile tool for managing customer accounts.

According to screenshots of messages posted by Krebs, Lapsus$ hackers also attempted to break into the FBI and Department of Defense’s T-Mobile accounts. They were ultimately unable to do so, as additional verification measures were required.

The attacks carried out by Lapsus$ are not sophisticated. They usually begin with stolen credentials obtained from underground marketplaces, followed by an attempt to bypass multi-factor authentication using social-engineering schemes.

T-Mobile has suffered several different data breaches since 2018, when the personal data of 23m customers was exposed. In 2019, 1.26m prepaid customers were affected by a breach. In Aug 2021 T-Mobile suffered another data breach, in which more than 40m customers were hacked and data stolen. These accounts belonged to former or prospective customers who had applied for credit with the company.

The records of these customers were later put up for sale, at which point it became clear that the breached data included Personally Identifiable Information, including US Social Security Numbers, Phone Numbers and Security PINs.

Last month the City of London Police, which has been investigating the Lapsus$ hacking group, said that it had charged two teenagers with cyber offences. A 16-year-old and a 17-year-old, who cannot be named for legal reasons, were charged with unauthorised access to a computer with intent to impair the reliability of data, fraud by false representation and unauthorised access to a computer with intent to hinder access to data.

