2 min Security

Lapsus$ steals source code from T-Mobile

Lapsus$ steals source code from T-Mobile

Criminal group Lapsus$ successfully attacked T-Mobile in March of this year.

According to research by security blog KrebsOnSecurity, Lapsus$ gained access to T-Mobile’s internal systems on several occasions. T-Mobile’s US subsidiaries were likely affected. In a response to KrebsOnSecurity, T-Mobile confirmed the incident.

Lapsus$ managed to penetrate systems and access data, similar to the incidents at Samsung, Okta, Globant, Microsoft and Nvidia. Among other things, they gained access to Atlas, an internal T-Mobile tool for managing customer accounts. According to KrebsOnSecurity, Lapsus$ managed to access sensitive customer account data, including the US Department of Defense. T-Mobile denies the theft of customer data.

Insight into Lapsus$

Some Lapsus$ members were arrested in March of this year. The logs of Lapsus$’s Telegram chat channel provide insight into their methods. The cybercriminals often gained initial access to companies’ systems by purchasing compromised credentials.

Furthermore, Lapsus$ tended to social engineer employees into bypassing MFA systems and VPN networks. Several T-Mobile employees were attacked with ‘SIM swaps’, which allowed the hackers to listen in and read along with employees’ mobile devices.

Source code

The logs indicate that Lapsus$’s leader — a 17-year-old Brit — called on members to focus on stealing source code. In the attack on T-Mobile, Lapsus$ disabled the VPN connection to the internal Atlas system in an attempt to retrieve source code. Lapsus$ has attempted to extort victims by threatening to publish source code in the past.

Tip: The rapid rise and fall of Lapsus$