{"id":27838,"date":"2022-04-26T09:52:00","date_gmt":"2022-04-26T07:52:00","guid":{"rendered":"https:\/\/perseus.de\/cybercriminals-infiltrate-t-mobiles-corporate-network\/"},"modified":"2026-03-31T07:24:04","modified_gmt":"2026-03-31T05:24:04","slug":"cybercriminals-infiltrate-t-mobiles-corporate-network","status":"publish","type":"post","link":"https:\/\/perseus.de\/en\/cybercriminals-infiltrate-t-mobiles-corporate-network\/","title":{"rendered":"Cybercriminals infiltrate T-Mobile’s corporate network"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
26.04.2022<\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Critical vulnerability in Microsoft Exchange Server<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Once again, there was a cyber incident at the telecommunications service provider T-Mobile. Criminal hackers have managed to penetrate the company network through stolen credentials and gain access to the operating software. <\/strong><\/p>

In our blog post, you will learn how the events happened and how companies can protect themselves.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

What happened?<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

On 22.04.2022, T-Mobile confirmed that the criminal hacker group Lapsus$ penetrated the company’s network<\/a> a few weeks ago with previously stolen credentials and was thus able to gain access to the company’s internal systems. Lapsus$ is known for stealing data from reputable companies and making ransom demands. The group is reportedly<\/a> led by a teenage mastermind and has already been caught. <\/p>

A spokesperson for the telecommunications company assured BleepingComputer<\/a> that no sensitive information or customer data was stolen as part of the cyberattack. The cybercriminals only managed to access internal operating software, which is not related to confidential information. No evidence was found that data or trade secrets had been tapped. <\/p>

The incident was uncovered by in-house monitoring tools that documented the intrusion of the unauthorized actors through stolen credentials. According to T-Mobile, the criminals’ access was quickly cut off, and the compromised credentials used were immediately deactivated. The company’s systems and processes have been cleaned up and are working as intended. <\/p>

The cyber incident was brought to the fore by independent investigative journalist Brian Krebs, who was the first to report on the cyber incident<\/a>. He was able to analyze leaked Telegram chat messages between members of the Lapsus$ gang and determine that the attackers had managed to steal internal source code from T-Mobile and then penetrate the systems. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

What are the risks for my company?<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

According to T-Mobile, the criminal hacker group only had access to internal systems, but these were not related to sensitive data or even customer data. Sensitive information was not stolen and could therefore not be offered for sale on the darknet. <\/p>

Therefore, it can be assumed that there is no immediate risk for T-Mobile customers \u2013 nevertheless, vigilance is required. As always: <\/p>