The hacking group Lapsus$ breached T-Mobile’s system in March, stealing 30GB of its source code, according to leaked Telegram messages.
The mobile company has since confirmed the attack, first reported by KrebsOnSecurity, but attests that no customer or government information was obtained by the hackers.
Far from this being Lapsus$’s first strike, the South American hacking circle has previously attempted to steal the source code of a number of tech firms including Microsoft, Nvidia, and Samsung. While the motivation behind the latest attack remains unclear, it’s likely that they stole the company’s data to demand some type of ransom payment.
Lapsus$ Targeted T-Mobile’s System in March
In T-Mobile’s latest security breach, its system was compromised by the prominent hacking and extortion group, Lapsus$.
Details of the attack, which was carried out last month, were first released by the security journalist Brian Krebs, who obtained a week’s worth of private Telegram messages from the hacking group.
In a post published on his site, it was revealed that Lapsus$ was able to breach T-Mobile’s system by buying leaked credentials and hacking the accounts of its employees. Once they made it into the network, the hacking group had access to internal tools like Atlas, T-Mobile’s customer management system.
“Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software… Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete.” – T-Mobile’s official statement
According to the leaked chat screenshots, by leveraging Atlas, Lapsus$ was then able to conduct ‘SIM swaps’ – a practice that gave them control over their victims’ devices and the ability to intercept text messages, calls, and multi-factor authentication codes.
While these findings may sound concerning, T-Mobile declares that no customer or government data was accessed during the security breach. However, with the company’s source code for a number of projects being stolen, it remains to be seen if this hack will bring any lasting consequences.
These leaked messages were released just weeks after two of the gang’s most active members were arrested. The members, who were charged with three counts of unauthorized access and two counts of fraud, have both since been released on bail. They were just 16 and 17 years old at the time of the arrest.
The Lapsus$ Hacking Group Strikes Again
While the impact of Lapsus$’s most recent breach seems to be relatively minor, this hasn’t always been the case.
Lapsus$ first made a name for themselves in December of 2021 after they hacked into Brazil’s Ministry of Health and deleted data that could have been used to track and mitigate the Covid-19 pandemic.
Since this initial attack, the international cyber-crime gang has targeted a number of high-profile technology companies, including Samsung, Microsoft, Bing, and the inventor of the graphics processing unit (GPU), Nvidia.
While these attacks all differ slightly, they do seem to share some core similarities. Lapsus$ was able to retrieve a large amount of sensitive data from all of these firms, in addition to the companies’ privately owned source code.
After retrieving this sensitive information, the hacking group offers it back to the companies in return for steep ransom payments.
How Can My Business Evade Security Breaches?
While law enforcement appears to be cracking down on groups like Lapsus$, fighting cyber gangs can often feel like an endless ‘whack-a-mole’ game.
With this in mind, if your business doesn’t want to be subjected to ransom or ransomware attacks, you’ll also need to take matters into your own hands.
Using a strong password management tool protects your business’s first line of defense. While there are loads of good options out there, our research suggests that 1Password and LastPass are among the best.
Protecting your business with robust antivirus software is another way to prevent malicious actors from penetrating your network. By installing this software and ensuring that it’s regularly updated, your chances of being compromised will be dramatically reduced.
If you’d like to learn more about ransomware attacks and how to avoid them, read our cybersecurity advice.