
LAPSUS$ leaks show group stole 30,000 T-Mobile source code repositories: Krebs


The LAPSUS$ group stole 30,000 T-Mobile source code repositories, according to a new report by freelance investigative journalist Brian Krebs, who was leaked the group’s internal Telegram messages by a disgruntled former associate. T-Mobile has now admitted the breach.

“The messages reveal that whenever LAPSUS$ was cut off from a T-Mobile employee’s account – either because the employee was trying to log in or change their password – they would just find or buy another set of T-Mobile VPN credentials,” Krebs wrote on April 22. The veteran security reporter suggested this week that the ease with which LAPSUS$ can buy access from dark web sites means companies should scrape them regularly.

“You can access dark web bot shops like Russian Market and Genesis, which means big companies would probably have to pay someone to take down these criminal bot services on a regular basis, or even buy out their own employee credentials to remove these vulnerable systems from the market,” he noted in his own writing.

“Because it’s probably the easiest and cheapest solution money can buy.”

T-Mobile, which reported $58.4 billion in revenue for the year 2021, was also devastatingly hacked in August 2021, with the data of 40 million customers stolen in an incident that its CEO described as “humiliating”.

T-Mobile CEO Mike Sievert said in August 2021 following the breach that the telecommunications company was entering into “long-term partnerships with leading cybersecurity experts Mandiant and consulting firm KPMG” as part of “a major one-year multi-investment to adopt best practices and transform our approach.”

The LAPSUS$ hackers then lost all of the stolen T-Mobile source code after storing it on an AWS server that was seized by the FBI – and failed to save the data (“RIP FBI seized my server,” one member wrote on Telegram in posts shared with Krebs in his report this weekend: “So much illegal shit. It’s filled with illegal shit.”)

Attempts to download the code again from T-Mobile failed, the leaked chats show, after the access token they were using was revoked. The leader shrugs: “Cloning 30,000 deposits four times in 24 hours is not very normal.”
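An added example, not taken from Krebs's report or from T-Mobile: a minimal check of the kind that would flag the bulk cloning described above, counting distinct repositories cloned per access token inside a sliding 24-hour window. The log format, token names, timestamps and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)
MAX_DISTINCT_REPOS = 3  # assumed threshold; set it from your own clone baseline

# Constructed audit events: "<timestamp> <token-id> <action> <repository>"
SAMPLE_LOG = """\
2022-03-19T09:00:00 tok-ci clone infra/deploy
2022-03-19T10:00:00 tok-ci clone infra/deploy
2022-03-19T11:00:00 tok-ci clone infra/deploy
2022-03-19T12:00:00 tok-ci clone infra/deploy
2022-03-18T08:00:00 tok-dev clone apps/billing
2022-03-19T09:30:00 tok-dev clone apps/portal
2022-03-20T10:00:00 tok-dev clone apps/search
2022-03-21T11:00:00 tok-dev clone apps/notify
2022-03-19T02:00:00 tok-x clone apps/billing
2022-03-19T02:01:00 tok-x clone apps/portal
2022-03-19T02:02:00 tok-x clone apps/search
2022-03-19T02:03:00 tok-x clone apps/notify
2022-03-19T02:04:00 tok-x clone infra/deploy
2022-03-19T02:05:00 tok-x push apps/notify
"""

def parse(line):
    ts, token, action, repo = line.split()
    return datetime.fromisoformat(ts), token, action, repo

def find_bulk_cloners(lines, window=WINDOW, limit=MAX_DISTINCT_REPOS):
    """Map token -> (time of first alert, distinct repos in window at that time)."""
    recent = defaultdict(deque)                      # token -> (ts, repo) in window
    counts = defaultdict(lambda: defaultdict(int))   # token -> repo -> clones in window
    alerts = {}
    for ts, token, action, repo in sorted(parse(l) for l in lines if l.strip()):
        if action != "clone":
            continue
        q, c = recent[token], counts[token]
        q.append((ts, repo))
        c[repo] += 1
        while ts - q[0][0] > window:                 # evict events older than the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) > limit and token not in alerts:   # repeat clones of one repo do not count
            alerts[token] = (ts, len(c))
    return alerts

if __name__ == "__main__":
    for token, (when, n) in find_bulk_cloners(SAMPLE_LOG.splitlines()).items():
        print(f"{token}: {n} distinct repositories cloned within 24h as of {when}")
```

Counting distinct repositories rather than raw clone operations keeps a CI token that re-clones one repository all day from alerting, while a token walking the whole organisation trips the threshold within minutes.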

Krebs wrote: “Access to [T-Mobile] the company’s tools could give them [LAPSUS$] everything they needed to perform hassle-free ‘SIM exchanges’ — reassign a target’s cell phone number to a device they controlled. These unauthorized SIM swaps allow an attacker to intercept a target’s text messages and phone calls, including any links texted for password resets, or one-time codes sent for multi-factor authentication.”

T-Mobile played down the consequences of the breach, telling Krebs, “Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to gain access to internal systems that host operational tool software. The systems accessed did not contain any customer or government or other similar sensitive information, and we have no evidence that the intruder was able to obtain anything of value.”

The company, which has more than 75,000 employees, said: “Our systems and processes worked as intended, the intrusion was quickly stopped and closed, and the compromised credentials used became obsolete.”

Attackers appear t