Tag: lapsus$
DHS Board Starts Investigating Lapsus$ Teen Hacker Group
Lapsus$, which has been outed as a teenage hacking group, is believed to be behind data breaches at Uber, Rockstar Games, Microsoft, Okta and other major companies earlier this year. Data extortion groups break into a company’s systems, steal prized information like source codes, and then demand a payment from the company to stop them from leaking the stolen information. Specifically, Lapsus$ targets companies through MFA fatigue, where they use stolen login credentials to log in to a network and then spam account owners with two-factor authentication requests on their phones until they accept one. Suspected members of the gang are believed to be based in the U.K. and have been arrested several times throughout the year.
Read more of this story at Slashdot.
The Dire Warnings in the Lapsus$ Hacker Joyride
Dow Jones Newswires: Uber breach stemmed from contractor, Lapsus$ hackers suspected
Uber Says It Was Likely Hacked by Teenage Hacker Gang LAPSUS$
Uber has published additional information about how it was hacked, claiming that it was targeted by LAPSUS$, a cybercriminal gang with a hefty track record that is thought to be composed largely of teenagers.
Uber blames security breach on Lapsus$, says it bought credentials on the dark web
Uber claims hack came from Lapsus$, the group behind Microsoft and T-Mobile attacks
Uber believes it has identified the team behind last week’s hack, and the name will sound all too familiar. In an update on the breach, Uber said the perpetrator was affiliated with Lapsus$, the hacking group that has targeted tech firms like Microsoft, Samsung and T-Mobile. The same intruder might also have been responsible for the Rockstar hack that leaked Grand Theft Auto VI, Uber said.
It’s also clearer just how the culprit may have accessed Uber’s internal systems. The attacker likely bought the contractor’s login details on the dark web after they’d been exposed through a malware-infected computer. Two-factor authentication initially prevented the hacker from getting in, but the contractor accepted an authentication request — that was enough to help the invader compromise employee accounts and, in turn, abuse company apps like Google Workspace and Slack.
As before, Uber stressed that the hacker didn’t access public-facing systems or user accounts. The codebase also remains untouched. While those responsible did compromise Uber’s bug bounty program, any vulnerability reports involved have been “remediated.” Uber contained the hack by limiting compromised accounts, temporarily disabling tools and resetting access to services. There’s also extra monitoring for unusual activity.
The incident update suggests the damage to Uber is relatively limited. However, it also indicates that Lapsus$ is still hacking high-profile targets despite arrests. It also underscores major tech companies’ continued vulnerability to hacks. In this case, one wrong move by a contractor was all it took to disrupt Uber’s operations.