Cybercrime is becoming a threat to tech companies globally, and one of the most talked-about and feared cybercrime gangs, Lapsus$, has its eyes on major firms like Microsoft.
Reportedly led and run by a group of teenagers, the Lapsus$ hacking group has continued to threaten the security of big tech companies despite some of the group’s members allegedly being arrested in March 2022.
According to The CyberWire, the group’s tactics differ from other threat groups’ in that Lapsus$ “eschews the typical exfiltrate-encrypt-extort playbook, instead concentrating on the data theft and extortion, and the gang has a flair for the dramatic in its demands.”
Its recent victim was the global ride-hailing platform Uber, whose internal computers were compromised, leading to the closure of the firm’s internal operations.
In a statement on Monday, Uber accused Lapsus$ of the hack, adding that the group’s hacker downloaded some internal Slack messages as well as information from an internal tool used by the company’s finance team to manage invoices.
Apart from Uber and Microsoft, Lapsus$, which emerged in December 2021, and its hacker crew, which is believed to be based in South America, have attacked firms like Samsung, amongst others.
See the list of companies attacked by Lapsus$ below:
- Globant: Digital transformation developer Globant confirmed that Lapsus$ had stolen source code developed for its clients. Source: SC Media, March 30, 2022.
- Microsoft Azure: Lapsus$ claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft’s internal Azure DevOps server. Microsoft later confirmed a hack by Lapsus$. Sources: BleepingComputer and Microsoft, March 22, 2022.
- Nvidia: A cyberattack targeting Nvidia allegedly involved the Lapsus$ ransomware gang. Attackers have since leaked some Nvidia company information online, but the cyberattack did not impact the company’s operations and there’s no evidence that ransomware was deployed on Nvidia’s network, the chip maker has stated. Source: MSSP Alert, March 1, 2022.
- Okta: The identity and access management (IAM) software company is investigating an alleged data breach that may have been launched by Lapsus$. In a tweet, Okta CEO Todd McKinnon said there was no evidence of malicious activity beyond some activity detected in January 2022. Still, some observers expressed concern that Okta partners and customers could potentially suffer from a supply chain attack. Source: MSSP Alert, March 22, 2022.
- Samsung: The mobile device giant confirmed a rumoured data breach in which hackers stole some Galaxy device source code. Still, Samsung stopped short of blaming the alleged culprit — Lapsus$ — for the breach. Source: MSSP Alert, March 7, 2022.
- T-Mobile: Lapsus$ breached T-Mobile multiple times in March 2022, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. Source: KrebsOnSecurity, April 22, 2022.