According to new data on the T-Mobile cyberattack, T-Mobile experienced more than 100 separate cybercrime incidents in 2022 in which cybercriminal groups claimed access to its internal networks. These groups phished T-Mobile employees for access to company tools and used this access as a cybercrime service. The groups involved are all active in 2023 and advertise their access to T-Mobile systems in open channels on the messaging platform Telegram. Each “T-Mobile up” post announces a SIM-swapping opportunity for a specific price, with the handle of the person taking the payment and information about the target subscriber. The project initially aimed to catalog the “T-Mobile up” posts and track claims, and covered only the first seven-and-a-half months of 2022. The groups collectively made SIM-swapping claims on 104 separate days, often with multiple groups claiming access on the same days.
SIM-swapping groups target T-Mobile.
SIM-swapping involves temporarily seizing control over a target’s mobile phone number. As countless websites and online services use SMS text messages for password resets and multi-factor authentication, stealing someone’s phone number can give cybercriminals access to the target’s entire digital life. This includes access to any financial, email, and social media accounts tied to that phone number. The three SIM-swapping groups tracked in this project are all effective and active, and all conduct business on open channels on the messaging platform Telegram.
The groups’ access to T-Mobile systems is advertised similarly, with each SIM-swapping opportunity announced with a “T-Mobile up” message. The adverts include the price for a single SIM swap request, the handle of the person who takes the payment, and information about the targeted subscriber. The customer must provide the target’s phone number and the serial number tied to the new SIM card, which will be used to receive text messages and phone calls from the hijacked phone number.
Although the groups periodically offer SIM-swapping services for other mobile phone providers, these solicitations appear far less frequently in these group chats than T-Mobile swap offers. Moreover, SIM swaps offered against AT&T and Verizon customers often cost over twice the prices advertised for a T-Mobile customer.
T-Mobile responds to cybercrime attacks.
KrebsOnSecurity shared significant data with T-Mobile, which declined to confirm or deny the claims. However, the company released a written statement saying that this type of activity affects the entire wireless industry and that it is constantly fighting against it. The statement also said that the company had been driving enhancements to protect against unauthorized access, such as enhancing multi-factor authentication controls, hardening environments, limiting access to data, apps, or services, and gathering threat intelligence data.
The cybercriminal handles that were posting ads for SIM-swapping opportunities generally did so on a daily or near-daily basis, teasing their upcoming swap events in the hours before posting a “T-Mobile up” message announcement. If these SIM-swapping services were ripping off their customers or claiming to have access that they didn’t, this would be immediately obvious from the responses of the more seasoned and serious cybercriminals in the same chat channel.
There are many people on Telegram claiming to have SIM-swap access at major telecommunications firms, but a great many such offers are four-figure scams, and any pretenders on this front are soon identified and banned. One of the groups that reliably posted “Tmo up!” messages to announce SIM-swap availability against T-Mobile customers also reliably posted “Tmo down!” follow-up messages announcing exactly when their claimed access to T-Mobile employee tools was discovered and revoked by the mobile giant.
A review of the timestamps associated with this group’s “Tmo up” and “Tmo down” posts indicates that while their claimed access to employee tools T-Mobile’s Response.
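The tallies this article describes (days with a claim, days on which several groups claimed access, and the gap between a group's "up" and "down" posts) can be reproduced from a chat export. The following is an added example, not code from the original research; the `timestamp|group|text` line format, the group labels, the "t-mobile down" marker and all sample posts are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample posts (not real data): ISO timestamp | group label | text
SAMPLE_POSTS = """\
2022-03-01T14:05:00|group_a|Tmo up!
2022-03-01T14:47:00|group_a|Tmo down!
2022-03-01T18:30:00|group_b|T-Mobile up
2022-03-02T09:10:00|group_a|tmo up
2022-03-02T09:40:00|group_a|brb
2022-03-02T12:25:00|group_a|Tmo down!
2022-03-04T21:00:00|group_c|T-Mobile up
2022-03-04T21:15:00|group_b|Tmo up!
2022-03-04T23:59:00|group_b|Tmo up!
"""

UP = ("tmo up", "t-mobile up")
DOWN = ("tmo down", "t-mobile down")  # "t-mobile down" is an assumed variant

def summarize(raw):
    groups_by_day = defaultdict(set)   # date -> groups claiming access that day
    open_since = {}                    # group -> time of its unanswered "up" post
    windows = []                       # (group, start, end, minutes)
    for line in raw.strip().splitlines():
        ts, group, text = line.split("|", 2)
        when, text = datetime.fromisoformat(ts), text.lower()
        if text.startswith(UP):
            groups_by_day[when.date()].add(group)
            open_since.setdefault(group, when)  # keep earliest unanswered "up"
        elif text.startswith(DOWN) and group in open_since:
            start = open_since.pop(group)
            minutes = (when - start).total_seconds() / 60
            windows.append((group, start, when, minutes))
    return {
        "claim_days": len(groups_by_day),
        "multi_group_days": sorted(
            str(d) for d, g in groups_by_day.items() if len(g) > 1),
        "windows": windows,
        "unclosed": sorted(open_since),  # "up" with no later "down": duration unknown
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_POSTS).items():
        print(key, value)
```

Groups that never post a "down" message land in `unclosed`, so their claimed access contributes to the day counts but not to the duration figures.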
KrebsOnSecurity analysis on T-Mobile cyberattack
KrebsOnSecurity reached out to T-Mobile for comment on the T-Mobile cyberattack. In response, the company declined to confirm or deny the claims but acknowledged that this activity affects the entire wireless industry. The company stated that it is continuously working to fight against these cyber threats by implementing various security measures, including enhancing multi-factor authentication controls, limiting access to data, apps, or services, and gathering threat intelligence data to strengthen ongoing efforts.
T-Mobile also assured its customers that it takes protecting their data and privacy seriously and is committed to informing them about potential threats or breaches. The company encourages its customers to remain vigilant and protect themselves by enabling two-factor authentication, using strong and unique passwords and monitoring their accounts regularly for any unusual activity.