Cyber attacks are as prevalent as ever, forcing companies small and large to pay extra attention to their security practices. The biggest name in cybersecurity right now is Lapsus$, a hacker group responsible for attacks on Nvidia, Samsung, and Ubisoft this year alone. Even after some of its members were arrested in the UK, the group has continued activity in certain corners of the internet. Add T-Mobile to the ever-growing list of targeted major players, as the Uncarrier was hit back in March.
As detailed by Krebs on Security, leaked chats from private Telegram channels give us plenty of information on how its core members worked and operated, along with new insight into a T-Mobile breach. Based on these screenshots, Lapsus$ members accessed basically all of the company's internal tools, including the software needed to perform SIM swaps. Although some of the members wanted to use this attack to make some quick cash from high-profile users, the lead behind this effort — a 17-year-old from the UK who goes by "White" — wanted to target FBI and Department of Defense agents.
Thankfully, his plan fell through, as T-Mobile required White to give additional verification before getting the option to SIM swap with any number of leading government agents. Eventually, White terminated their VPN connection that allowed the group to rummage through the carrier's internal database before eventually running a script to download more than 30,000 source code repositories.
According to the report, it's unclear from the chat logs why the group went after T-Mobile's source code, though it likely was an effort to demand a ransom if Lapsus$ was ever able to delete the company's data remotely.
T-Mobile provided the following statement to Krebs:
"Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software. The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value. Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete."
This breach is just the latest security failure for the company, which also faced a massive hack last summer, along with a second data breach at the end of 2021.
This event really is just the tip of the iceberg when it comes to these chat logs, including infighting, doxxing, threats, and a general sense of paranoia. You know, basic teenager stuff.