In late March, it was reported that LAPSUS$ had breached T-Mobile. The ransomware and extortion group had also breached Okta, which provides services to big names like Hitachi, T-Mobile, HP, and Siemens. T-Mobile has now confirmed the LAPSUS$ breach and issued the following statement:
“Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software. The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value. Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete.”
According to a security researcher, organizations should invest in regularly scraping criminal bot services like the Russian Market and Genesis. They should also buy back the employee credentials available online to better protect themselves.