JAKARTA - Before the police caught the Lapsus$ ransomware gang at the end of last March, this group apparently managed to break into T-Mobile's source code.
The Germany-based telecommunications giant has confirmed that its servers were attacked, but insists no customer, government or other similar sensitive information was accessed or stolen.
First reported The Verge security journalist Brian Krebs shared screenshots of private Telegram messages, showing that Lapsus$ targeted the operator several times.
"A few weeks ago, our monitoring tool detected a malicious actor using stolen credentials to access an internal system that hosts operational tool software," said T-Mobile, which confirmed the attack.
"Our systems and processes worked as designed, intrusions were quickly shut down and compromised, and compromised credentials used became obsolete. The systems accessed did not contain customer or government information or other similar sensitive information."
It should be noted, Lapsus$ does not cripple T-Mobile's defenses. Instead, they access T-Mobile's internal tools by purchasing stolen employee credentials on websites like Russian Market.
The ransomware gang then carried out a series of SIM swapping attacks. Usually, this involves hackers hijacking their target's phone by transferring the number to the device they own.
Furthermore, they can use that access to intercept SMS messages, including links to password resets and one-time codes for multi-factor authentication.
Several Lapsus$ members tried to use their access to hack T-Mobile accounts linked to the FBI and the Department of Defense, but failed to do so due to additional verification actions associated with those accounts.
Launching Engadget, Monday, April 25, it is known that hackers have often targeted T-Mobile in recent years.
In August last year, the company confirmed it had fallen victim to a hack that saw the personal data of more than 54 million of its customers compromised. The breach also involved SIM swapping attacks and might even see carriers covertly paying third-party companies to limit the damage.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
