The Lapsus$ hacking group stole T-Mobile’s source code in a series of breaches that took place in March, as first reported by Krebs on Security.

T-Mobile confirmed the attack in a statement to The Verge, and says the “systems accessed contained no customer or government information or other similarly sensitive information.”

In copies of private messages obtained by Krebs, the Lapsus$ hacking group discussed targeting T-Mobile in the week prior to the arrest of seven of its teenage members. After purchasing employees’ credentials online, the members could use the company’s internal tools — like Atlas, T-Mobile’s customer management system — to perform SIM swaps. This type of attack involves hijacking a target’s mobile phone by transferring its number to a device owned by the attacker. From there, the attacker can obtain texts or calls received by that person’s phone number, including any messages sent for multi-factor authentication. Lapsus$ hackers also attempted to crack into the FBI and Department of Defense’s T-Mobile accounts

Buy Me a Coffee

According to screenshotted messages posted by Krebs, Lapsus$ hackers also attempted to crack into the FBI and Department of Defense’s T-Mobile accounts. They were ultimately unable to do so, as additional verification measures were required.

“Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software,” T-Mobile said in an emailed statement to The Verge. “Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete.”

READ
Hackers Exploit Vulnerability in WordPress Plugin Hunk Companion to Install Outdated and Vulnerable Plugins

(via theverge)