Sunday, November 10

T-Mobile Data Theft: Lapsus$ Hackers Tried to Hack FBI Phones

Los teléfonos de los agentes de seguridad no pudieron ser comprometidos debido a que los hackers no contaban con todas las credenciales necesarias
The phones of the security agents could not be compromised because the hackers did not have all the necessary credentials

Photo: ROBYN BECK / AFP / Getty Images

A T-Mobile investigation revealed that members of the Lapsus$ hacker group attempted to fraudulently access the phones of FBI officials and of the Department of Defense.

The operator indicated that criminals they couldn’t have access to the phones, so they weren’t able to steal information.

“A couple of weeks ago, our monitoring tools detected an attacker who used stolen credentials to access internal systems that host operating tool software. Our systems and processes worked as designed, the intrusion was quickly stopped and closed, and the compromised credentials used were rendered ineffective,” T-Mobile said in a statement.

The investigation began after the company discovered that hackers managed to infiltrate its systems. Although the information that had emerged so far about the attack indicated that hackers had not had access to confidential company information such as customer data, new information seems to indicate otherwise.

A series of screenshots of hacker communications leaked to the internet suggests so managed to obtain information from T-Mobile customers. The attackers allegedly bought the credentials of some of the company’s workers over the Internet, which allowed them to access Atlas, the operator’s customer management system.

This allowed them to carry out SIM swaps, with which they could see the text messages and calls received from the numbers they managed to compromise.

According to leaked communications, cybercriminals were unable to hack FBI and Department of Defense phones because they were not able to because they needed a type of verification that they could not access.

Detentions

The details about this computer attack come after the security agencies managed to arrest, at the end of March, 7 alleged hackers who are part of this movement.

This was possible thanks to a police operation carried out in the city of London in the United Kingdom. The ages of the detainees range from 16 to 21 years so it is expected that some of them may be tried as minors.

Among the companies that were victims of the Lapsus$ attacks are Nvidia, MercadoLibre, Samsung and Microsoft.

This may also interest you:
– Hackers increase the speed at which they encrypt information: what does this mean and how users are affected
1059192450– Samsung confirmed that hackers stole source code from its Galaxy devices
– What is Okta and why its hacking puts thousands of companies at risk