
Lapsus$: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
→top: a few hacks
Tags: Mobile edit Mobile web edit Advanced mobile edit
Line 22: Line 22:
Lapsus$'s ''[[modus operandi]]'' appears to be based on obtaining access to a victim organisation's corporate network by acquiring credentials from privileged employees. These individuals may be recruited<ref name=RecruitSA>{{cite web |title=Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders |url=https://securityaffairs.co/wordpress/128912/cyber-crime/lapsus-ransomware-is-hiring.html |website=Security Affairs |access-date=2022-03-23 |date=11 March 2022}}</ref> or themselves hacked, e.g. via [[SIM swap]].<ref name=Krebs /> Lapsus$ then uses [[remote desktop]] or network access to obtain the sensitive data, such as customer account details and source code. The group will then extort the victim organisation, with threats of disclosing the data.<ref name=Ms37Bleep /> The misappropriated data may be subsequently released, and announced on Telegram.
Lapsus$'s ''[[modus operandi]]'' appears to be based on obtaining access to a victim organisation's corporate network by acquiring credentials from privileged employees. These individuals may be recruited<ref name=RecruitSA>{{cite web |title=Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders |url=https://securityaffairs.co/wordpress/128912/cyber-crime/lapsus-ransomware-is-hiring.html |website=Security Affairs |access-date=2022-03-23 |date=11 March 2022}}</ref> or themselves hacked, e.g. via [[SIM swap]].<ref name=Krebs /> Lapsus$ then uses [[remote desktop]] or network access to obtain the sensitive data, such as customer account details and source code. The group will then extort the victim organisation, with threats of disclosing the data.<ref name=Ms37Bleep /> The misappropriated data may be subsequently released, and announced on Telegram.
===Composition===
===Composition===
A [[Bloomberg News|Bloomberg]] report revealed the group's mastermind is a 16-year old residing in [[Oxford]], [[England]], and another core member is a teenager in [[Brazil]].<ref name="BloombergInfo"/> It is believed that there are at least 7 members.<ref name="BloombergInfo" /> The gang is believed to be a recently formed, and not a rebranding.<ref name=RegisterInfo />
A [[Bloomberg News|Bloomberg]] report revealed the group's mastermind is a 16-year old residing in [[Oxford]], [[England]], and another core member is a teenager in [[Brazil]].<ref name="BloombergInfo"/> It is believed that there are at least 7 members.<ref name="BloombergInfo" /> The gang is believed to be recently formed, and not a rebranding.<ref name=RegisterInfo />


==References==
==References==
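Review bot: dropping the stray article in "believed to be a recently formed" is the right fix for the Composition line, but the same sentence still reads "a 16-year old residing in Oxford", which should be hyphenated as "16-year-old". Minor style point while touching this line: the ref names are quoted inconsistently (`<ref name="BloombergInfo" />` versus `<ref name=RegisterInfo />`); both parse in wikitext, but quoting all of them keeps the markup uniform.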

Revision as of 12:07, 24 March 2022

Lapsus$, stylized as LAPSUS$, is a hacker group known for various cyberattacks against large tech companies.[1][2]

Lapsus$ were first noted in December 2021[3] for a breach in the Brazilian Health Ministry's computer systems,[4] and have gone on to exfiltrate data from big tech companies including Microsoft, Nvidia and Samsung. The group uses the messaging app Telegram for data dump announcements and recruitment.

Notable breaches

In 2022, the group was involved in many cybersecurity crimes leading to the publication of victims' data, including:

  • leaking source code and employee credentials from technology company Nvidia,[1] including the release of code-signing certificates[5]
  • a breach of the technology company Microsoft,[6][7] and the release of 37GB of code from an Azure DevOps server, which was claimed to include 90% of the source code for the Bing search engine[8][9]
  • a breach of Mercado Libre[10]
  • a release of the source code of Samsung Galaxy phones and Samsung company data[11]
  • a cybersecurity incident within the gaming company Ubisoft[12]
  • a breach in the authentication company Okta[13]

Analysis

Telegram

The Lapsus$ Telegram channel is used to announce data dumps and to recruit accomplices. As of March 2022, it has almost 50,000 subscribers.[3] The group posts polls asking which organisation it should target next.[14]

Operating style

Lapsus$'s modus operandi appears to be based on obtaining access to a victim organisation's corporate network by acquiring credentials from privileged employees. These individuals may be recruited[15] or themselves hacked, e.g. via SIM swap.[3] Lapsus$ then uses remote desktop or network access to obtain the sensitive data, such as customer account details and source code. The group then extorts the victim organisation with threats of disclosing the data.[8] The misappropriated data may subsequently be released and announced on Telegram.

Composition

A Bloomberg report revealed the group's mastermind is a 16-year-old residing in Oxford, England, and another core member is a teenager in Brazil.[16] It is believed that there are at least 7 members.[16] The gang is believed to be recently formed, and not a rebranding.[17]

References

  1. Goodin, Dan (4 March 2022). "Cybercriminals who breached Nvidia issue one of the most unusual demands ever". Ars Technica. Retrieved 14 March 2022.
  2. Winder, Davey. "Samsung Confirms Massive Galaxy Hack After 190GB Data Torrent Shared Via Telegram". Forbes. Retrieved 14 March 2022.
  3. "A Closer Look at the LAPSUS$ Data Extortion Group". Krebs on Security. Retrieved 24 March 2022.
  4. "Brazil health ministry website hit by hackers, vaccination data targeted". Reuters. 11 December 2021. Retrieved 24 March 2022.
  5. Clark, Mitchell (1 March 2022). "Nvidia says its 'proprietary information' is being leaked by hackers". The Verge.
  6. Cox, Joseph (21 March 2022). "Microsoft Investigating Claim of Breach by Extortion Gang". Motherboard. Vice. Retrieved 21 March 2022.
  7. Clark, Mitchell; Lawler, Richard; Peters, Jay (22 March 2022). "Microsoft confirms Lapsus$ hackers stole source code via 'limited' access". The Verge. Vox Media. Retrieved 22 March 2022.
  8. "Lapsus$ hackers leak 37GB of Microsoft's alleged source code". BleepingComputer. Retrieved 23 March 2022.
  9. Newman, Lily Hay. "'This Is Really, Really Bad': Lapsus$ Gang Claims Okta Hack". Wired. Retrieved 23 March 2022.
  10. "E-commerce giant Mercado Libre confirms source code data breach". BleepingComputer. Retrieved 23 March 2022.
  11. Glover, Claudia (7 March 2022). "Is Lapsus$ targeting Big Tech after Samsung breach?". Tech Monitor. Retrieved 14 March 2022.
  12. Peters, Jay (11 March 2022). "Ubisoft says it experienced a 'cyber security incident', and the purported Nvidia hackers are taking credit". The Verge. Retrieved 14 March 2022.
  13. Porter, Jon (22 March 2022). "Okta hack puts thousands of businesses on high alert". The Verge. Retrieved 22 March 2022.
  14. Newman, Lily Hay. "The Lapsus$ Hacking Group Is Off to a Chaotic Start". Wired.
  15. "Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders". Security Affairs. 11 March 2022. Retrieved 23 March 2022.
  16. Turton, William; Robertson, Jordan (23 March 2022). "Teen Suspected by Cyber Researchers of Being Lapsus$ Mastermind". Bloomberg. Retrieved 23 March 2022.
  17. "Lapsus$ gang sends a worrying message to would-be criminals". The Register.