
Lapsus$ Hackers Breached Systems of Telecom Giant T-Mobile

Thursday, April 28, 2022. Read Time: 3 min.

Read also: Coca-Cola investigates a possible hack, the US offers a $10 million reward for info on Sandworm hackers, and more.


Lapsus$ hackers breached systems of telecom giant T-Mobile

The Lapsus$ hacker group compromised systems of the telecom firm T-Mobile and stole source code for various company projects.

The security breach came to light after security expert Brian Krebs released a report detailing internal chats between members of Lapsus$, according to which the group hacked into the T-Mobile systems several times in March and stole source code for a range of projects. The hackers compromised the telecoms giant’s network using initial access they bought from sites like Russian Market, a marketplace that specializes in stolen data.

The group used social engineering techniques to gain access to the network and targeted the company’s employees who had access to the internal tools that could allow the attackers to conduct a “SIM swapping” attack.

T-Mobile has confirmed the security breach, but stated that no customer or government information had been stolen in the incident.

Zero-day hacking attacks hit record in 2021, researchers say

2021 was a record year for zero-day vulnerabilities, more than doubling the previous maximum, according to a report from the threat intelligence firm Mandiant. The researchers said they identified 80 zero-day flaws exploited in the wild last year, with most of the attacks conducted by state-backed hackers, mainly from China, Russia, and North Korea.

The report also noted that the proportion of financially-motivated cyber criminals, including ransomware gangs, exploiting zero-day vulnerabilities grew to one-third in 2021. Threat actors exploited zero-day flaws in Microsoft, Apple, and Google products most frequently, likely reflecting the popularity of these vendors.

US offers a reward of up to $10 million for info on Sandworm hackers

The US authorities announced a reward of up to $10 million for information on six officers of Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation, believed to be members of a hacker group known as Sandworm Team, Telebots, Voodoo Bear, and Iron Viking.

According to the US Department of State, these six individuals were responsible for the widespread NotPetya hacking campaign in 2017 that compromised computer systems of hospitals and medical facilities, as well as other private entities in the United States, and caused nearly $1 billion in losses.

In October 2020, the US Department of Justice charged the above-mentioned officers with carrying out destructive cyberattacks using KillDisk, Industroyer, and Olympic Destroyer malware with the aim of disrupting and destabilizing other nations.

Soft drink giant Coca-Cola is investigating claims of a hack and data theft

Multinational beverage corporation Coca-Cola Company has launched an investigation after the Russia-linked ransomware gang Stormous announced it had stolen 161 GB of data from the company’s servers, including financial documents, credentials, and other sensitive information.

The ransomware group is now trying to sell the stolen data for 1.65 Bitcoin (around $64,000). It’s worth noting that while Stormous calls itself a ransomware group, there is no evidence at the time of writing that the gang deploys ransomware on its victims’ systems.

A Coca-Cola spokesperson told The Record that the company is aware of the claims of the data breach and is now investigating them.

Several French cities suffered internet outages after “acts of vandalism”

Several cities in France, including Paris, Lyon, Bordeaux, Reims and Grenoble, experienced internet outages after suspected acts of vandalism targeting fibre optic cables.

France’s Secretary of State for the Digital Transition and Electronic Communications, Cedric O, said on Twitter that internet cables were cut in the Ile-de-France region, affecting the landline and mobile network.

While the minister did not mention vandalism or sabotage, French internet and mobile phone service provider Free said it was a victim of “multiple malicious acts.” France-based operator SFR said it had experienced “several fibre cuts” in the Paris region and in Lyon in southeast France, but declined to provide details on the location of the damaged underground cables.

Rival telecom operators Bouygues Telecom and Orange said they were not impacted in the incident.


Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.