T-Mobile had the source code for various projects stolen in multiple breaches by the Lapsus$ hacking group last month, reports Krebs on Security.
Leaked private messages from Lapsus$ members, sent in the week before the group's most prolific members were apprehended in March, revealed that the group was able to secure initial access, as well as credentials, from Russian Market and other sites. While Lapsus$ did not face difficulties in purchasing credentials, exfiltrating data, and conducting social-engineering campaigns against targeted companies, the group noted device enrollment as a bigger challenge.
T-Mobile employees were found to have been bombarded with attacks by Lapsus$ members, who sought to conduct SIM swapping to allow interception of text messages and phone calls. Lapsus$ was then discovered to have obtained access to T-Mobile's customer account management tool, dubbed "Atlas", on March 19, which was then leveraged to search for FBI and Department of Defense-associated accounts. Over 30,000 T-Mobile source code repositories were found to have been stolen with an automated script by Lapsus$ leader White. Meanwhile, T-Mobile insisted that the breach did not involve any customer or government data, or other sensitive information.