Multiple security breaches allowed cybercriminal group Lapsus$ to steal T-Mobile’s source code, says KrebsOnSecurity.
T-Mobile fell victim to a series of data breaches carried out by cybercrime group Lapsus$ in March. In a Friday post, security site KrebsOnSecurity revealed leaked chat messages between members of the Lapsus$ gang, in which they discussed attacking T-Mobile employees using social engineering tactics aimed at gaining them access to a victim’s cell phone number provide. Known as SIM swapping, this tactic reassigns a phone number to an attacker’s device, allowing them to intercept text messages and phone calls to reset passwords and multi-factor authentication codes.
SEE: Mobile Device Security Policy (TechRepublic Premium)
Using T-Mobile VPN credentials purchased on the Dark Web, Lapsus$ members were able to gain access to Atlas, a T-Mobile tool…