Security News > 2022 > April > Lapsus$ Hackers Target T-Mobile
The company added that it has mitigated the breach by terminating the hacker's group access to its network and disabled the stolen credentials that were used in the breach.
Using these credentials Lapsus$ members can get access to the company's internal tools like - Atlas an internal T-Mobile tool for managing customer accounts.
After gaining access to ATLAS, Lapsus$ hackers also attempted to compromise the T-Mobile accounts associated with the FBI and Department of Defense but were unsuccessful as an additional verification method was linked to those accounts.
"Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software," said a spokesperson from T-Mobile.
"The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value," T-Mobile added.
"From a security pro who fought LAPSUS$: It forces us to shift thinking about insider access. Nation states want longer, strategic access; ransomware groups want lateral movement. LAPSUS$ asks: What can this account get me in the next 6 hours? We haven't optimized to defend that." said Brian Krebs in a tweet on Mar 24, 2022.
News URL
https://threatpost.com/lapsus-hackers-target-t-mobile/179384/
Related news
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- T-Mobile pays $31.5 million FCC settlement over 4 data breaches (source)
- T-Mobile US fined $31.5M for network security breaches between 2021 and 2023 (source)
- T-Mobile confirms it was hacked in recent wave of telecom breaches (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments (source)