New data reveals that during 2022, three distinct cybercriminal groups were involved in more than 100 individual cases of seeking control of internal systems at communications major T-Mobile.
The hackers' intent in each instance was the same: to trick T-Mobile staff into giving them access to private business information, and then to use that data to run a cybercrime service that anybody could use to have a target's text messages and phone calls redirected to another phone.
These conclusions are based on an in-depth examination of Telegram chat records from three different cybercrime actors or groups that security investigators have identified as especially active in and proficient at "SIM-swapping," which entails temporarily taking control of a target's mobile phone number.
Numerous websites and internet services rely on text messages sent via SMS for multi-factor authentication and password resets. This means that by taking over a person's mobile number, cybercriminals can very rapidly take control of the victim's whole digital life, including any financial, email, and social media accounts connected to that mobile number.
In 2023, all three SIM-swapping groups that were tracked for this article are still operating, and all of them do so in public Telegram channels.
Since they will simply move to more private servers if revealed publicly, KrebsOnSecurity is not identifying those channels or organizations here. Nevertheless, for the time being, those servers continue to provide vital information about their activity.
Each group advertises its alleged access to T-Mobile systems in a similar way. At the very least, every SIM-swapping opportunity is announced to channel members with a quick "Tmobile up!" or "Tmo up!" message.
The cost of a single SIM-swap request, the account of the individual who accepts payment, and details about the targeted user are also included in the announcements.
The user of the SIM-swapping service must provide the target's mobile number as well as the serial number of the fresh SIM card that will be used to receive text messages and phone calls from the hijacked mobile number.
The original intention of this project was to collect all of the "Tmo up!" messages from each day of 2022, beginning on December 31, and to count how many times each group announced access to T-Mobile.
By the time we reached the announcements made in the middle of May 2022, though, covering the rest of the year's timeline appeared superfluous. The total reveals that these groups collectively posted SIM-swapping claims against T-Mobile on 104 separate days in the final seven and a half months of 2022, frequently with multiple groups making claims on the same day.
KrebsOnSecurity shared a sizable amount of the information gathered for this article with T-Mobile. The company neither confirmed nor denied any of these alleged breaches. T-Mobile did say in a written statement, however, that this kind of activity affects the whole wireless industry.
“And we are constantly working to fight against it,” the statement reads. “We have continued to drive enhancements that further protect against unauthorized access, including enhancing multi-factor authentication controls, hardening environments, limiting access to data, apps or services, and more. We are also focused on gathering threat intelligence data, like what you have shared, to help further strengthen these ongoing efforts.”