The hacking group Lapsus$ stole T-Mobile’s source code in a series of breaches that took place in March, as first reported by Krebs on Security. T-Mobile confirmed the attack in a statement to The Verge and says the “entry systems do not contain customer or government information or other similarly sensitive information.”
In copies of private messages obtained by Krebs, the Lapsus$ hacking group discussed targeting T-Mobile in the week prior to the arrest of seven of its teenage members. After purchasing employees’ credentials online, members were able to use the company’s internal tools, such as Atlas, T-Mobile’s customer management system, to perform SIM swaps. In this type of attack, a target’s cell phone number is hijacked by transferring it to a device owned by the attacker. From there, the attacker can receive text messages or calls intended for that person’s phone number, including any messages sent for multi-factor authentication.
According to Krebs’ report, Lapsus$ hackers also attempted to break into FBI and Department of Defense T-Mobile accounts. They were ultimately unable to do so, as additional verification measures were required.
“A few weeks ago, our monitoring tools detected a bad actor who was using stolen credentials to access internal systems containing operational tools,” T-Mobile said in an emailed statement to The Verge. “Our systems and processes were working as designed, the intrusion was quickly shut down, and the compromised credentials used were rendered obsolete.”
T-Mobile has been the victim of multiple attacks over the years. While this particular hack didn’t impact customer data, previous incidents did. In August 2021, a breach exposed the personal information of more than 47 million customers, while another attack just months later compromised “a small number” of customer accounts.
Lapsus$ has made a name for itself as a hacking group that primarily targets the source code of major technology companies, such as Microsoft, Samsung, and Nvidia. The group, reportedly led by a teenage mastermind, has also targeted Ubisoft, Apple Health partner Globant, and authentication company Okta.