Although the Lapsus$ extortion group was believed to have gone on vacation, and despite news that several of its members, including the alleged leader, had been arrested, it turns out that between March and April the group was very active, attacking other important companies. This time T-Mobile, the telecommunications company whose parent company is Telecom, joins the long list of Lapsus$’s victims.
Details of what was shared by T-Mobile
Last Friday, T-Mobile confirmed in a statement that it had suffered a security breach in March. Lapsus$ gained access to its internal systems, but without affecting the data of its users. The incident came to light when investigative journalist Brian Krebs shared internal chats among several of the group’s members, in which they discussed the different breaches they committed against T-Mobile.
This security incident occurred days before several of the group’s members, who have made headlines in recent months for their attacks on high-profile targets in the corporate world, were arrested and investigated by the City of London Police.
The statement shared by T-Mobile reads: “The accessed systems contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value.”
The intrusion relied on VPN credentials obtained through suspicious means, possibly on the deep web or black markets, which the group used to take control of different employees’ accounts; that access would allow them to carry out SIM swapping attacks at will. It also gave them access to an internal customer account management tool called Atlas, as well as to T-Mobile’s Slack and Bitbucket accounts, through which they could access more than 30,000 source code repositories.
Although the London police have an open investigation into this group, in which several minors are involved, Lapsus$ has not stopped its attacks. It only remains to wait and see what this extortion group’s next move will be, since several experts point out that its final objective may be much more worrying than these attacks on high-profile targets.