That same month, ransomware gang Lapsus$ stole T-Mobile’s source code, before police arrested seven of the group’s most prolific members in late March. In a report published on Friday and spotted by The Vergine, security journalist Brian Krebs shared screenshots of private Telegram messages showing the group had targeted the carrier on multiple occasions.
“A few weeks ago, our monitoring tools detected an attacker who was using stolen credentials to access internal systems containing operating software,” T-Mobile told Krebs. “Our systems and processes worked as designed, the intrusion was quickly shut down and repelled, and the compromised credentials used became obsolete.” The company added that “the systems accessed did not contain customer or government information or other similarly sensitive information contained information”.
Lapsus$ first accessed T-Mobile’s internal tools by purchasing stolen employee data from sites such as Russian Market. The group then carried out a series of SIM swap attacks. With these types of intruders, a hacker typically hijacks their target’s cell phone by copying the number to a device they own. The attacker can then use this access to intercept SMS messages, including links to reset passwords and one-time codes for multi-factor authentication. Some Lapsus$ members attempted to use their access to hack into T-Mobile accounts associated with the FBI and Department of Defense, but failed due to the additional verification measures associated with those accounts.
Hackers have frequently targeted T-Mobile in recent years. Last August, the company confirmed it was the victim of a hack that compromised the personal information of more than 54 million of its customers. This breach also included SIM swap attacks and may even have seen the carrier secretly pay a third-party company to limit the damage.
All products recommended by Engadget are selected by our editorial team independently from our parent company. Some of our stories contain affiliate links. If you buy something through one of these links, we may receive an affiliate commission.