2022 does not sound like a good year to be a cybersecurity professional
Cyber attacks are as widespread as ever, forcing small and large businesses to pay extra attention to their security practices. The biggest name in cybersecurity right now is Lapsus$, a hacker group responsible for attacks on Nvidia, Samsung and Ubisoft this year alone. Even after some of its members were arrested in the UK, the group continues to operate in certain corners of the internet. Add T-Mobile to the ever-growing list of big-name targets: the Uncarrier was hit back in March.
As described by Krebs on Security, leaked chats from private Telegram channels give us plenty of information on how its core members worked and functioned, along with new insights into a T-Mobile breach. Based on these screens, Lapsus$ members gained access to virtually all of the company’s internal tools, including the software needed to perform SIM swaps. Although some of the members wanted to use this attack to make some quick money from high-profile users, the leader behind this effort – a 17-year-old from the UK who goes by “White” – wanted to target the FBI and the Department of Defense.
Fortunately, his plan fell through when T-Mobile demanded that White provide further confirmation before he was given the option to swap SIMs with any number of leading government agents. Eventually, White ended their VPN connection, allowing the group to rummage through the operator’s internal database before finally running a script to download more than 30,000 source code repositories.
According to the report, it is unclear from the chat logs why the group went after T-Mobile’s source code, although it was probably an attempt to demand a ransom if Lapsus$ was ever able to delete the company’s data remotely.
T-Mobile made the following statement to Krebs:
“Several weeks ago, our monitoring tools discovered a bad actor who used stolen credentials to access internal systems that contain software for operational tools. The systems that were accessed contained no customer or government information or other similar sensitive information, and we have no evidence that the uninvited guest was able to achieve anything of value. Our systems and processes functioned as designed, the intrusion was quickly shut down, and the compromised credentials used were made obsolete.”
This breach is just the latest security incident for the company, which also faced a massive hack last summer, along with another data breach in late 2021.
The T-Mobile breach is really only the tip of the iceberg when it comes to these chat logs, which also include fights, doxxing, threats and a general sense of paranoia. You know, basic teenage stuff.