T-Mobile announced on Friday that it was the victim of a security compromise in March after the LAPSUS$ mercenary gang gained access to its networks.
The acknowledgement came after investigative journalist Brian Krebs shared internal LAPSUS$ communications revealing that the group infiltrated the company many times in March previous to the arrest of its seven members.
T-Mobile stated in a statement that the attack occurred "many weeks ago," with the "bad actor" accessing internal systems using stolen credentials. "The systems accessed contained neither consumer nor government information or other similarly sensitive information, and we have no evidence that the intruder obtained anything of value," the statement continued.
The VPN credentials for initial access are alleged to have been obtained from illegal websites such as Russian Market in order to gain control of T-Mobile staff accounts, allowing the threat actor to carry out SIM swapping attacks at will.
The discussions show that, in addition to getting access to Atlas, an internal customer account management platform, LAPSUS$ had penetrated T-Slack Mobile's and Bitbucket accounts, utilising the latter to steal over 30,000 source code repositories.
LAPSUS$ has earned attention for its breaches of Impresa, NVIDIA, Samsung, Vodafone, Ubisoft, Microsoft, Okta, and Globant in the short period since it first appeared on the threat landscape.
The City of London Police announced earlier this month that it has charged two of the seven minors, a 16-year-old and a 17-year-old, who were arrested last month for their connections to the LAPSUS$ data extortion network.
Please do not enter any spam link in the comment box.