Cyber criminals penetrate T-Mobile’s corporate network

Once again, a cyber incident occurred at the telecommunications service provider T-Online. Criminal hackers managed to penetrate the company network using stolen access data and gain access to operating software.

Find out how the incident occurred and how companies can protect themselves in our blog post.

What has happened?

On 04/22, T-Mobile confirmed that the criminal hacking group Lapsus$ penetrated the company’s network a few weeks ago using previously stolen credentials to gain access to internal company systems. Lapsus$ is known for stealing data from well-known companies to claim ransom. The group is reportedly led by a teenage mastermind and has already been caught.

A spokesperson for the telecommunications company assured BleepingComputer that no sensitive information or customer data was stolen as part of the cyberattack. The cybercriminals only managed to access internal operating software unrelated to confidential information. No evidence was found that data or trade secrets were tapped, the company said.

The incident was uncovered by in-house monitoring tools that documented the intrusion of the unauthorized actors through stolen access data. According to T-Online, the criminals’ access was quickly capped, and the compromised credentials used were immediately disabled. The company’s systems and processes were cleaned up and are functioning as intended.

The cyber incident was brought to public attention by independent investigative journalist Brian Krebs, who was the first to report on the cyber incident. He was able to analyze leaked Telegram chat messages between members of the Lapsus$ gang and determine that the attackers had managed to steal internal source code from T-Mobile.

What are the risks to my business?

According to T-Mobile, the criminal hacking group only had access to internal systems, but they were not related to sensitive data or even customer data. Sensitive information was not stolen and could therefore not be offered for sale on the darknet.

It can therefore be assumed that there is no immediate risk for T-Mobile customers – but vigilance is still required. As always, never use the same passwords for different applications and be careful with your data.

  • Never use the same passwords for different applications and be careful with your data. A password manager will help you manage them.
  • Watch out for suspicious SMS and emails.
  • Never click on links in such messages and do not disclose confidential information.