Lapsus$ hacks into T-Mobile, gains access to internal tools


San Francisco, Apr 23 (IANS): Lapsus$ hacking group that hit top tech firms like Microsoft, Nvidia, Samsung and Vodafone, has now hacked into the top US telecom carrier.

Revealed by security journalist Brian Krebs, the data breach gave Lapsus$ access to T-Mobile's network by compromising employee accounts, "either by buying leaked credentials or through social engineering".

"This gave the hackers access to T-Mobile's internal tools, acewhich the hackers used in an attempt to find T-Mobile accounts associated with the FBI and Department of Defense, but were blocked as the access needed additional checks," reports TechCrunch.

T-Mobile said "no customer or government information" was accessed during the incident.

Krebs said that the hackers were able to steal source code for a range of company projects.

"Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software," the company said in a statement.

"Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete."

T-Mobile has confirmed six other previous data breaches since 2018.

Earlier this month, the City of London Police charged two teenagers with multiple cyber offences, just a week after they arrested seven individuals as part of its investigation into Lapsus$ hacking group.

"Two teenagers, a 16-year-old and a 17-year-old, have been charged in connection with this investigation and remain in police custody," said the police.

First surfaced in December 2021, the Lapsus$ hacking group recently broke into software development consultancy Globant.

 

  

Top Stories


Leave a Comment

Title: Lapsus$ hacks into T-Mobile, gains access to internal tools



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.