Let me remind you that we have already talked about the strange hack group Lapsus$, which blackmailed Nvidia, leaked the source codes of Microsoft<\/strong><\/a>, as well as Ubisoft<\/strong>, and Samsung<\/strong>, compromised Okta<\/strong><\/a>, but fame for hackers was clearly more important than financial gain.<\/p>\n The well-known investigative journalist Brian Krebs<\/strong>, who has specialized in information security for many years and has repeatedly exposed various hack groups and helped law enforcement officers in their investigations, reported on the T-Mobile<\/strong> hack<\/a>.<\/p>\n Krebs, who got into the private chats of the group members, writes that the attack on T-Mobile<\/strong> took place some time ago, even before the arrests of seven alleged Lapsus$<\/strong> members<\/a>, which UK law enforcement agencies reported at the end of March 2022.<\/p>\n According to the chat logs, the VPN credentials that the group used for initial access were purchased and stored on the dark web, on sites such as Russian Market. The goal of the attackers was to compromise the accounts of T-Mobile<\/strong> employees, which ultimately allowed them to carry out SIM-swap attacks.<\/p>\n In addition to accessing an internal customer account management tool called Atlas, the hackers’ discussions suggest they gained access to Slack and Bitbucket accounts, using the latter to download 30,000 source code repositories.<\/p>\n At the same time, hackers were looking for T-Mobile<\/strong> accounts associated with the FBI and the US Department of Defence in Atlas (see screenshot below). To their disappointment, it turned out that additional verification procedures were needed to work with such accounts.<\/p>\n![\"T-Mobile](\"\/blogs\/wp-content\/uploads\/2022\/04\/lapsus_01.jpg\" "\\"\\"")
<\/a><\/p>\n
![\"T-Mobile](\"\/blogs\/wp-content\/uploads\/2022\/04\/lapsus_02-1024x553.jpg\" "\\"\\"")
<\/a><\/p>\n![\"T-Mobile](\"\/blogs\/wp-content\/uploads\/2022\/04\/lapsus_03-1024x568.jpg\" "\\"\\"")
<\/a><\/p>\n