New Attack By Lapsus$ Cybercriminals, Who Get Hold Of T-Mobile Source Code

The Lapsus$ cybercriminal group has once again attacked the servers of a large company. In this case, the victim has been the German telecommunications company T-Mobile, which has confirmed the attack in a statement in which it acknowledges that “the systems that have suffered the access do not contain any government information or belonging to its customers, as well as any other sensitive information”.

Lapsus$ managed to get hold of T-Mobile employees’ credentials by acquiring them, which allowed them to use the company’s internal tools, such as Atlas, the customer management system, to make copies of SIM cards. From there, an attacker can access the customer’s mobile device, and transfer their number to another device from which to obtain text messages. This allows circumventing security mechanisms such as those used as two-factor authentication to access, for example, the bank account.

Some of the T-Mobile numbers that Lapsus$ tried to access correspond to those of the FBI and the U.S. Department of Defense, although they were unable to do so because they require additional security measures.

T-Mobile has reported that they detected these intrusions a few weeks ago, due to an alert indicating an attempt by someone unauthorized to access the company’s internal tools. The intrusion attempt was quickly blocked and the credentials used in the attempt were revoked.

In recent months, the Lapsus$ group has accumulated a significant track record of unauthorized access to the central servers of large companies, having managed on some occasions to gain access to the source code of some platforms and programs. They have managed to get into the heart of the servers of Microsoft, Nvidia, Ubisoft and Samsung.