Once again, there was a cyber incident at the telecommunications service provider T-Mobile. Criminal hackers have managed to penetrate the company network through stolen credentials and gain access to the operating software.
In this blog post, you will learn how the events unfolded and how companies can protect themselves.
What happened?
On 22.04.2022, T-Mobile confirmed that the criminal hacker group Lapsus$ had penetrated the company’s network a few weeks earlier using previously stolen credentials and had thus gained access to the company’s internal systems. Lapsus$ is known for stealing data from reputable companies and making ransom demands. The group is reportedly led by a teenage mastermind and has already been caught.
A spokesperson for the telecommunications company assured BleepingComputer that no sensitive information or customer data was stolen as part of the cyberattack. The cybercriminals only managed to access internal operating software, which is not related to confidential information. No evidence was found that data or trade secrets had been tapped.
The incident was uncovered by in-house monitoring tools that documented the intrusion of the unauthorized actors through stolen credentials. According to T-Mobile, the criminals’ access was quickly cut off, and the compromised credentials used were immediately deactivated. The company’s systems and processes have been cleaned up and are working as intended.
The incident was brought to light by independent investigative journalist Brian Krebs, who was the first to report on it. He was able to analyze leaked Telegram chat messages between members of the Lapsus$ gang and determine that the attackers had managed to steal internal source code from T-Mobile and then penetrate the systems.
What are the risks for my company?
According to T-Mobile, the criminal hacker group only had access to internal systems, but these were not related to sensitive data or even customer data. Sensitive information was not stolen and could therefore not be offered for sale on the darknet.
Therefore, it can be assumed that there is no immediate risk for T-Mobile customers – nevertheless, vigilance is required. As always: