Ransomware gang Lapsus$ stole T-Mobile’s source code that same month, before police arrested seven of the group’s more prolific members in late March. In a report published on Friday and seen by ledgeSecurity journalist Brian Krebs shared screenshots of private Telegram messages that showed the group targeted the carrier multiple times.
“Several weeks ago, our surveillance equipment detected a bad actor using stolen credentials to access internal systems, which is operational equipment software,” T-Mobile told Krebs. “Our systems and processes worked as designed, intrusions were rapidly detected and stopped, and the compromised credentials used became obsolete.” The company added “the accessed systems did not contain any customer or government information or other similar sensitive information.”
Lapsus$ initially used T-Mobile’s internal equipment by purchasing stolen employee credentials on websites such as Russian Market. The group then carried out a series of SIM swap attacks. This type of intrusion usually involves a hacker hijacking his target’s mobile phone by transferring the number to a device in his possession. The attacker can then use that access to intercept SMS messages, which contain links to password resets and one-time codes for multi-factor authentication. Some Lapsus$ members attempted to use their access to hack into T-Mobile accounts linked to the FBI and the Department of Defense, but failed to do so due to additional verification measures associated with those accounts.
Hackers have frequently targeted T-Mobile in recent years. Last August, the company confirmed that it had fallen victim to a hack in which the personal data of more than 54 million of its customers were compromised. That breach also included SIM swap attacks and the carrier may have secretly paid a third-party firm to limit the damage.
All products recommended by Engadget are handpicked by our editorial team independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission.
