LAPSUS$ first gained widespread notoriety in February of this year after allegedly stealing 1TB of data from NVIDIA. While the group appears to have been active as early as December 2021, NVIDIA was the group’s first high-profile victim. NVIDIA supposedly hit LAPSUS$ back with ransomware, but this counterstrike didn’t deter the group from continuing its hacking spree. LAPSUS$ went on to steal data from many more high-profile companies, including Samsung, Microsoft, and T-Mobile.
However, the hacking group’s activity came to an abrupt end in March when the London police arrested seven individuals suspected of participating in a hacking operation under the name LAPSUS$. The suspects, aged 16 to 21, included the leader of the group, who went by the name “White.” These arrests were thought to be the end of LAPSUS$, as the group’s internal chat logs contained just seven members and their public communications have ceased.
That said, some mysteries about the group’s members and activity still linger. Like many recent cybercriminals, LAPSUS$ ran a public Telegram channel where it publicized its activity. This channel was created on December 9, 2021. LAPSUS$ was initially thought to be based in South America, as the group’s communications were initially issued primarily in Portuguese, and the group’s first targets were Brazilian. The NVIDIA breach marked a sudden shift for LAPSUS$, with the hacking group switching its communications entirely to English and re-focusing on targets located outside of Brazil.
Perhaps there were more than just seven members of LAPSUS$. News of the seven arrests broke on March 24, but the hacking group’s last public communications are dated March 29. The group announced that it was “officially back from a vacation” and posted a link to a torrent of data stolen from Globant. Were the members of LAPSUS$ able to post these messages on Telegram while in custody, or were there members that escaped arrest?
Uber seems to believe that LAPSUS$ is still active in some capacity, having pinned its recent data breach on an actor affiliated with the hacking group. The company also acknowledged the reports that this same actor was behind the Rockstar Games data breach. That said, Uber’s investigation of the intrusion into its internal systems is still ongoing, so the company has yet to draw its final conclusions. The company said that it’s in close contact with both the FBI and the Department of Justice. Uber also identified the account of an Uber EXT contractor as the initial entry point for the hacker and reiterated that its investigation has revealed no evidence that the hacker accessed user accounts or data.
We’ll have to see if any further evidence surfaces that the actor, or actors, behind the Uber and Rockstar Games data breaches are connected to LAPSUS$ in some way. Both data breaches seem somewhat out of character for LAPSUS$. In the past, the hacking group has retained stolen data for a period before releasing it, using the data as leverage to make demands of the victim companies. In the case of the Rockstar Games breach, it looks as if the hacker posted the stolen game footage straight to the GTA forums. The hacker did mention that he may have more data to share, but no demands were made of Rockstar Games.
The Uber data breach is even more puzzling, as the hacker has yet to publicly mention any intentions to release stolen data or use said data to make demands of Uber. He simply posted a handful of screenshots and sent a message in Uber’s internal Slack workspace with a hashtag stating that Uber underpays its drivers. Both LAPSUS$’ Telegram and Matrix channels also remain inactive. If LAPSUS$ was involved in these recent data breaches, they would seem to mark a new chapter for the hacking group.