We have heard Lapsus$ gang many times in the recent months of their successful attacks on tech giants such as Nvidia, Samsung, Microsoft, and more. Some arresting news emerged at the end of March and the beginning of April, and the gang has gone silent aftermath. It seems like the gang’s one of the latest victims is T-Mobile, a communication company from Germany.
The ultimate goal: SIM swap attacks
By infiltrating T-Mobile Bitbucket, the gang has managed to steal the source codes
According to T-Mobile’s announcement, the incident happened several weeks ago; before the arrests of the members of Lapsus$. T-Mobile states that the group has breached by utilizing stolen VPN credentials. The VPN credentials are said to be obtained from illegal websites such as Russain Market and it was used to gain initial access. The group was aiming to control all of the T-Mobile employee accounts to deploy SIM swapping attacks whenever they want.
T-Mobile also added that no customer or government data was exposed through the attack. Lapsus$ has managed to gain access to customer account management tool Atlas and infiltrated Slack and Bitbucket accounts. The gang stole over 30k source code repositories through Bitbucket.