Lapsus$

Lapsus$, stylised as LAPSUS$, was an international hacker group known for cyberattacks against various large tech companies.[1][2]

The group was first noted in December 2021[3] for a breach in the Brazilian Health Ministry's computer systems.[4] The group has since breached big tech companies including Microsoft, Nvidia, and Samsung. The group used the messaging app Telegram for data dump announcements and recruitment. Microsoft gave the group the designation DEV-0537.[5][3]

In March 2022, seven arrests were made by the City of London Police in connection with a police investigation into Lapsus$.[6]

Notable breaches

In 2022, the group was involved in several cybersecurity crimes leading to the publication of victims' data, including:

Interactions

The group used the messaging app Telegram, and the Lapsus$ Telegram channel was used to announce data dumps and to recruit accomplices. As of March 2022, it had nearly 50,000 subscribers.[3] The group posted polls asking which organisation it should target next.[19]

The FBI made an appeal for information on 21 March 2022.[20]

Operating style

The group's assumed modus operandi was based on obtaining access to a victim organisation's corporate network by acquiring credentials from privileged employees. These credentials were acquired in a number of ways, including recruitment[21] or hacking privileged employees using methods such as SIM swapping.[3] Lapsus$ then used remote desktop or network access to obtain sensitive data, such as customer account details or source code. The group then extorted the victim organisation with threats of disclosing the data.[10] In the conspicuous cases, the data was subsequently released, and information was posted on Telegram.

Composition

A Bloomberg report stated that the group's mastermind was a 16-year-old residing in Oxford, England, and that another core member was a teenager in Brazil. The report also stated that the group had seven members and was likely formed recently.[22][23]

Arrests

On 24 March 2022, seven people aged between 16 and 21 were arrested by the City of London Police in connection with a police investigation into Lapsus$. An alleged prominent member of the group with the pseudonym White was arrested in Oxford, England. His identity had allegedly been disclosed previously by a former associate, and various groups, including research group Unit 221B, were reported to have identified him.[24] Two teenage members were charged on 1 April 2022.[25]

References

  1. Goodin, Dan (4 March 2022). "Cybercriminals who breached Nvidia issue one of the most unusual demands ever". Ars Technica. Retrieved 14 March 2022.
  2. Winder, Davey (8 March 2022). "Samsung Confirms Massive Galaxy Hack After 190GB Data Torrent Shared Via Telegram". Forbes. Retrieved 14 March 2022.
  3. Krebs, Brian (23 March 2022). "A Closer Look at the LAPSUS$ Data Extortion Group". Krebs On Security. Retrieved 24 March 2022.
  4. "Brazil health ministry website hit by hackers, vaccination data targeted". Reuters. 11 December 2021. Retrieved 24 March 2022.
  5. "DEV-0537 criminal actor targeting organizations for data exfiltration and destruction". Microsoft Security Blog. 22 March 2022. Retrieved 24 March 2022.
  6. Peters, Jay (24 March 2022). "Seven teenagers arrested in connection with the Lapsus$ hacking group".
  7. Clark, Mitchell (1 March 2022). "Nvidia says its 'proprietary information' is being leaked by hackers". The Verge.
  8. Cox, Joseph (21 March 2022). "Microsoft Investigating Claim of Breach by Extortion Gang". Motherboard. Vice. Retrieved 21 March 2022.
  9. Clark, Mitchell; Lawler, Richard; Peters, Jay (22 March 2022). "Microsoft confirms Lapsus$ hackers stole source code via 'limited' access". The Verge. Vox Media. Retrieved 22 March 2022.
  10. Abrams, Lawrence. "Lapsus$ hackers leak 37GB of Microsoft's alleged source code". BleepingComputer. Retrieved 23 March 2022.
  11. Newman, Lily Hay (22 March 2022). "'This Is Really, Really Bad': Lapsus$ Gang Claims Okta Hack". Wired. Retrieved 23 March 2022.
  12. Sharma, Ax. "E-commerce giant Mercado Libre confirms source code data breach". BleepingComputer. Retrieved 23 March 2022.
  13. Glover, Claudia (7 March 2022). "Is Lapsus$ targeting Big Tech after Samsung breach?". Tech Monitor. Retrieved 14 March 2022.
  14. Peters, Jay (11 March 2022). "Ubisoft says it experienced a 'cyber security incident', and the purported Nvidia hackers are taking credit". The Verge. Retrieved 14 March 2022.
  15. Porter, Jon (22 March 2022). "Okta hack puts thousands of businesses on high alert". The Verge. Retrieved 22 March 2022.
  16. Newman, Lily Hay (28 March 2022). "Leaked Details of the Lapsus$ Hack Make Okta's Slow Response Look More Bizarre". Wired. Retrieved 1 April 2022.
  17. Goodin, Dan (30 March 2022). "IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data". Ars Technica. Retrieved 31 March 2022.
  18. Krebs, Brian (22 April 2022). "Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code". Krebs on Security. Retrieved 22 April 2022.
  19. Newman, Lily Hay (15 March 2022). "The Lapsus$ Hacking Group Is Off to a Chaotic Start". Wired.
  20. "Most Wanted: LAPSUS$". www.fbi.gov. 21 March 2022. Archived from the original on 3 April 2022. Retrieved 5 April 2022.
  21. Paganini, Pierluigi (11 March 2022). "Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders". Security Affairs. Retrieved 23 March 2022.
  22. Burt, Jeff (17 March 2022). "Lapsus$ gang sends a worrying message to would-be criminals". www.theregister.com.
  23. Turton, William; Robertson, Jordan (23 March 2022). "Teen Suspected by Cyber Researchers of Being Lapsus$ Mastermind". Bloomberg. Retrieved 23 March 2022.
  24. "Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal". BBC News. 24 March 2022. Retrieved 25 March 2022.
  25. "Lapsus$: Two UK teenagers charged with hacking for gang". BBC News. 1 April 2022.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.