Who are the Lapsus$ hackers and what do they want?


A prolific hacking gang is making a name for itself with a string of cyberattacks against a range of high-profile targets. Within days, a group known as Lapsus$ revealed that it had stolen data from big-name organizations including Microsoft and Okta.

The Lapsus$ campaign appears to be aimed at soliciting ransom payments, threatening to leak stolen data if its extortion demands are not met. While this tactic is a familiar one, often used by ransomware gangs as added leverage to force victims to pay a ransom for decryption keys, in the case of Lapsus$ there is no indication that ransomware is involved, because no data is encrypted.

But that does not mean the attacks aren't damaging: Microsoft Security notes that there is evidence of a destructive element to the attacks for victims who will not give in to extortion demands.

See: This sneaky type of phishing is on the rise as hackers see bigger paydays

Enterprise identity and access management provider Okta is one of the biggest victims of Lapsus$, in an incident in which the company says attackers may have gained information on about 2.5% of Okta customers – a figure that the company says represents 366 organizations.

Okta disclosed the breach on March 22, and the company said it "involved" an attempted security breach in January. However, Lapsus$ has since claimed to have been able to access a support engineer's laptop and posted screenshots claiming access to the system. In a blog post, Okta says that the laptop belonged to a support engineer working for a third-party provider and that Okta itself was not compromised. However, the company says that it has contacted the affected customers.

Microsoft has also confirmed that it was compromised by Lapsus$. While the company says attackers gained limited access, the hackers posted a torrent file claiming to contain source code from Bing, Bing Maps, and Cortana.

While claiming Okta and Microsoft as victims has drawn eyes to Lapsus$, the group is not brand new: it has been active since at least December 2021 and has claimed a number of victims in recent months.

One of the group's first victims was Brazil's Ministry of Health, which had more than 50TB of data stolen and deleted from its systems. The stolen data included information related to the COVID-19 pandemic, including cases, deaths, vaccinations, and more. It took a month for the system to be up and running again.

Other victims of Lapsus$ attacks in recent months include a number of technology and gaming companies. In February, Nvidia became the victim of a cyber security incident attributed to Lapsus$. The group claims to have stolen more than 1TB of data from the microchip maker, including employee passwords.

Another high-profile victim of Lapsus$ is Samsung, which confirmed that data was breached in the attack, including source code belonging to Samsung Galaxy smartphones. Samsung says no personal information was stolen in the attack.

Lapsus$ also claimed a compromise of video game developer Ubisoft. The company said it was the victim of a "cyber security incident" that forced password resets across the organization.

See: Cyber Security: Let's Get Tactical (ZDNet special report)

Not much is known about Lapsus$, other than that it is a cyber-criminal gang – believed to operate from South America – that hacks into the networks of large organizations to steal data and extort payments.

Unlike ransomware gangs that use dark web sites to publish stolen data, Lapsus$ uses a Telegram channel to share details about its attacks – and the information stolen from its victims – directly with anyone who has subscribed to it.

When it comes to conducting attacks, Lapsus$ appears to be similar to many other cyber-criminal operations: it exploits public-facing Remote Desktop Protocol (RDP) services and deploys phishing emails to gain access to accounts and networks. The group also purchases stolen credentials from underground forums and searches public dumps of usernames and passwords for credentials that can be used to gain access to accounts.

Lapsus$ also uses its public-facing Telegram channel to post messages encouraging potentially malicious insiders to provide credentials for services such as a Virtual Private Network (VPN), Virtual Desktop Infrastructure (VDI), or Citrix, in exchange for an unspecified payment in an undisclosed currency.

It is unlikely that the attacks will stop abruptly – the group may well be encouraged after claiming a number of high-profile victims – but there are steps businesses can take to help avoid falling victim to cyberattacks by Lapsus$ or other criminal hacking groups.

These include securing remote-working technologies like VPN and RDP with strong, hard-to-guess passwords, and strengthening that protection with multi-factor authentication. In addition, any users who think their account has been compromised should change their password immediately. Businesses should also train staff to identify and report phishing emails.
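The credential replay against exposed RDP and VPN services described above leaves a recognisable trace in authentication logs: one source failing against many different accounts. The following detection, added here as an example and not part of the original article, runs over a constructed, simplified log format (timestamp, service, outcome, username, source IP) and also lists any account that then succeeded from a flagged source, which is exactly the account whose password should be reset and protected with MFA.

```python
"""Flag credential-stuffing / password-spraying against an exposed RDP or
VPN gateway from authentication logs (added example; the log format is a
constructed, simplified one, not a real product's format)."""
from collections import defaultdict

# Constructed sample log lines: timestamp service outcome username source_ip
SAMPLE_LOG = """\
2022-03-22T01:00:01 rdp FAIL alice 203.0.113.7
2022-03-22T01:00:02 rdp FAIL bob 203.0.113.7
2022-03-22T01:00:03 rdp FAIL carol 203.0.113.7
2022-03-22T01:00:04 rdp FAIL dave 203.0.113.7
2022-03-22T01:00:05 rdp FAIL erin 203.0.113.7
2022-03-22T01:00:06 rdp OK frank 203.0.113.7
2022-03-22T01:05:00 vpn FAIL alice 198.51.100.9
2022-03-22T01:05:30 vpn OK alice 198.51.100.9
"""


def parse_events(log_text):
    """Yield one dict per non-empty log line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, service, outcome, user, ip = line.split()
        yield {"ts": ts, "service": service, "outcome": outcome,
               "user": user, "ip": ip}


def find_spraying_sources(log_text, min_users=5):
    """Return {source_ip: [usernames]} for sources that failed against at
    least `min_users` distinct accounts. A single user mistyping a password
    never hits this threshold; a replayed credential list does."""
    failed = defaultdict(set)
    for ev in parse_events(log_text):
        if ev["outcome"] == "FAIL":
            failed[ev["ip"]].add(ev["user"])
    return {ip: sorted(users) for ip, users in failed.items()
            if len(users) >= min_users}


def accounts_to_reset(log_text, spraying_sources):
    """Accounts that logged in successfully from a spraying source: these
    need an immediate password reset and MFA enforcement."""
    hits = {ev["user"] for ev in parse_events(log_text)
            if ev["outcome"] == "OK" and ev["ip"] in spraying_sources}
    return sorted(hits)


if __name__ == "__main__":
    sources = find_spraying_sources(SAMPLE_LOG)
    print("spraying sources:", sources)
    print("reset + enforce MFA:", accounts_to_reset(SAMPLE_LOG, sources))
```

The single failed VPN login from 198.51.100.9 followed by a success is ordinary user behaviour and is not flagged; the threshold is what separates it from the RDP spray.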
