Security News > 2022 > April > Lapsus$ Hackers Target T-Mobile

The company added that it has mitigated the breach by terminating the hacker's group access to its network and disabled the stolen credentials that were used in the breach.

Using these credentials Lapsus$ members can get access to the company's internal tools like - Atlas an internal T-Mobile tool for managing customer accounts.

After gaining access to ATLAS, Lapsus$ hackers also attempted to compromise the T-Mobile accounts associated with the FBI and Department of Defense but were unsuccessful as an additional verification method was linked to those accounts.

"Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software," said a spokesperson from T-Mobile.

"The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value," T-Mobile added.

"From a security pro who fought LAPSUS$: It forces us to shift thinking about insider access. Nation states want longer, strategic access; ransomware groups want lateral movement. LAPSUS$ asks: What can this account get me in the next 6 hours? We haven't optimized to defend that." said Brian Krebs in a tweet on Mar 24, 2022.

News URL

https://threatpost.com/lapsus-hackers-target-t-mobile/179384/