T-Mobile has acknowledged the breach which occurred before police arrested some of the Lapsus$ members last month.
The infamous Lapsus$ hacking group managed to steal T-Mobile’s source code in March 2022, days before the group’s prolific members got arrested in the same month. Lapsus$ hackers carried out a series of breaches in March, reported by Krebs on Security’s Brian Krebs. T-Mobile also confirmed the attack on The Verge.
Lapsus$ is a notorious group of teen hackers that mainly hunts for the source code of high-profile and large tech firms like Samsung, Microsoft, and Nvidia. The group has previously targeted Globant, Okta, and Ubisoft.
In its latest breach against T-Mobile, the Lapsus$ group has reportedly downloaded over 30,000 source code repositories of the carrier.
Speaking to Brian Krebs, T-Mobile stated that their monitoring tools detected an unauthorized individual trying to access its internal systems using stolen credentials. Reportedly, Lapsus$ hackers managed to buy stolen T-Mobile credentials from dedicated marketplaces like Russian Market and several others.
According to the telecom giant, the hackers also used the carrier’s employees’ credentials and internal devices such as its CMS