The Lapsus$ hacking group stole T-Mobile’s source code in a series of security breaches that took place in March, first reported by Krebs on Security. T-Mobile confirmed the attack in a statement to The Verge, saying that “the systems accessed did not contain any customer or government information or other similarly sensitive information.”
In copies of private messages received by Krebs, the Lapsus$ hacking group discussed attacks on T-Mobile in the week before the arrest of seven of its teenage members. After purchasing employee credentials online, members could use the company’s internal tools – such as Atlas, T-Mobile’s customer management system – to perform SIM swaps. In this type of attack, a target’s cell phone is hijacked by dumping their number onto an attacker’s device. From there, the attacker can retrieve SMS or calls received on that person’s phone number, including any messages sent for multi-factor authentication.
Lapsus$ hackers also attempted to break into FBI and Department of Defense T-Mobile accounts
According to screenshots of messages posted by Krebs, Lapsus$ hackers also attempted to break into FBI and Department of Defense T-Mobile accounts. Ultimately, this was not possible for them because additional verification measures were required.
“A few weeks ago, our monitoring tools uncovered a bad actor using stolen credentials to access internal systems containing operating software,” T-Mobile said in an emailed statement to The Verge. “Our systems and processes worked as designed, the intrusion was quickly shut down and repelled, and the compromised credentials used became obsolete.”
T-Mobile has been the victim of several attacks over the years. Although this particular hack did not affect customers’ data, previous incidents did. In August 2021, a breach exposed the personal data of over 47 million customers, while another attack, which took place just months later, compromised “a small number” of customer accounts.
Lapsus$ has made a name for itself as a hacking group that mainly targets the source code of large tech companies such as Microsoft, Samsung, and Nvidia. The group, reportedly led by a teenage mastermind, has also targeted Ubisoft, Apple Health partner Globant and authentication company Okta.