T-Mobile confirms Lapsus$ infiltrated its systems


Telecoms giant T-Mobile has confirmed its digital premises were breached by the notorious Lapsus$ hackers, but played down the severity of the incident.

As reported by BleepingComputer, the group of hackers was apparently unable to obtain any valuable data from the incursion.

"Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software," a T-Mobile spokesperson told the publication.

Stealing source code

T-Mobile went into further detail about precisely what the attackers were able to access, and how the company responded.

"The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value," said the firm.

"Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete."

However, other sources offer conflicting reports as to the nature of the stolen data.

According to a report from security expert Brian Krebs, based on leaked chat logs allegedly showing a conversation between Lapsus$ members, the group managed to steal proprietary T-Mobile source code. A total of 30,000 source code repositories were taken from T-Mobile's endpoints, the report claims.

The group is also said to have obtained access to Atlas, a powerful internal T-Mobile tool for managing customer accounts, as well as access to company Slack and Bitbucket accounts.

The motive behind the desire to steal source code is unclear, the report further states, but Krebs suspects that it could be about extortion, or turning a profit on the black market. 

In the past four years, T-Mobile has disclosed a total of seven breaches, including one in which threat actors accessed data belonging to 3% of all of its customers. 

Recently, the company’s customers notified the FBI of “unblockable” SMS phishing attacks, which are linked to one of the earlier breaches.

Via BleepingComputer

Sead Fadilpašić