Microsoft claims that the digital extortion gang Lapsus$ is targeting cryptocurrency as well

  • The group has a shady history and uses unusual means.
  • Microsoft discovered a hacked account with restricted access.

A digital extortion gang with a shady past and unusual methods (one researcher described them as "laughably terrible" at times) has claimed credit for a succession of hacks against some of the world's most powerful technology firms.

In a series of public posts on the Telegram messaging app this week, the gang, known as Lapsus$, said it had accessed Okta Inc., a San Francisco-based identity-management firm that provides authentication services for a wide range of commercial clients. Okta said on Tuesday that attackers who compromised the laptop of a third-party vendor's employee may have viewed data belonging to about 2.5 percent of its customers.

Nvidia Corp., Samsung Electronics Co., and the gaming giant Ubisoft Entertainment SA are among the companies that Lapsus$ has previously claimed to have hacked. The group also claimed to have obtained data from Microsoft Corp., including source code for Microsoft's Bing search engine, Bing Maps, and the Cortana personal assistant. According to Microsoft, the attackers acquired "limited access" to its networks through a single compromised account and used it to gather data.

In recent years, most extortion groups have relied on ransomware: software that encrypts a victim's files, after which the attackers demand payment to unlock them. Some gangs also steal sensitive information and threaten to release it unless they are paid.

Microsoft describes Lapsus$ as running a "large-scale social engineering and extortion campaign," but one that does not use ransomware. According to Microsoft, the group uses phone-based tactics to target the personal email accounts of employees at victim firms and pays individual employees or business partners for unauthorised access.

Lapsus$ is also renowned for stealing user funds from cryptocurrency exchanges by hijacking individual accounts.

In a post on its Telegram channel on March 10, the group invited followers to sell it access to virtual private networks at their employers, or to share details of how to reach remote-work tools. It said it was particularly interested in hearing from insiders at telecommunications businesses, software and gaming companies, and Latin American phone carriers.
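When a credential is bought from an insider rather than stolen, the tell-tale sign is that the legitimate employee and the buyer end up using the same account at the same time from unrelated networks. The following script, an added example that is not part of the original article and not code from any of the companies named in it, runs that check over a handful of constructed VPN authentication log lines. The log format, the usernames, the session ids and the use of a /16 prefix as a stand-in for "same network" are all assumptions made for the example.

```python
"""Flag remote-access sessions consistent with a shared or sold credential.

Each constructed log line (not from any real VPN product) has the form:
    <ISO-8601 timestamp> <username> <source_ip> <session_id> <login|logout>
Two sessions for one user that overlap in time and originate from different
networks are reported, since one person rarely holds both at once.
"""
from datetime import datetime
from itertools import combinations
import ipaddress

# Constructed sample log. alice's two sessions overlap from unrelated
# networks (the suspicious case); bob's sessions are sequential and on the
# same /24, which is what a single person moving between devices looks like.
SAMPLE_LOG = """\
2022-03-10T08:02:11Z alice 203.0.113.10 s1 login
2022-03-10T08:15:40Z bob 198.51.100.23 s2 login
2022-03-10T09:05:02Z alice 192.0.2.77 s3 login
2022-03-10T11:30:00Z alice 203.0.113.10 s1 logout
2022-03-10T12:00:00Z bob 198.51.100.23 s2 logout
2022-03-10T12:10:00Z bob 198.51.100.40 s4 login
2022-03-10T13:00:00Z alice 192.0.2.77 s3 logout
"""


def parse_sessions(log_text):
    """Pair login and logout lines into sessions keyed by session id.

    A session with no logout line is still open; its end is left as None.
    """
    sessions = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, sid, event = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        if event == "login":
            sessions[sid] = {"user": user, "ip": ip, "start": when, "end": None}
        elif event == "logout" and sid in sessions:
            sessions[sid]["end"] = when
    return list(sessions.values())


def same_network(ip_a, ip_b, prefix_len):
    """Assumption for the example: two addresses in one /prefix_len block
    belong to the same network (an office or a home ISP allocation)."""
    block = ipaddress.ip_network(f"{ip_a}/{prefix_len}", strict=False)
    return ipaddress.ip_address(ip_b) in block


def find_shared_credential_use(log_text, prefix_len=16):
    """Return (user, ip_a, ip_b, overlap_start, overlap_end) for every pair
    of a user's sessions that overlap in time from different networks."""
    by_user = {}
    for session in parse_sessions(log_text):
        by_user.setdefault(session["user"], []).append(session)

    findings = []
    for user, sessions in by_user.items():
        for a, b in combinations(sessions, 2):
            # An open session is treated as still running.
            a_end = a["end"] or datetime.max
            b_end = b["end"] or datetime.max
            overlap_start = max(a["start"], b["start"])
            overlap_end = min(a_end, b_end)
            if overlap_start >= overlap_end:
                continue  # the sessions never ran at the same time
            if same_network(a["ip"], b["ip"], prefix_len):
                continue  # same network: likely one person on two devices
            findings.append((user, a["ip"], b["ip"], overlap_start, overlap_end))
    return findings


if __name__ == "__main__":
    for user, ip_a, ip_b, start, end in find_shared_credential_use(SAMPLE_LOG):
        print(f"{user}: concurrent sessions from {ip_a} and {ip_b} "
              f"between {start.isoformat()} and {end.isoformat()}")
```

The /16 heuristic is deliberately coarse; in a real deployment the comparison would be against the ASN or the set of networks the user has historically authenticated from, and a finding would be correlated with the MFA and device-posture records for the two sessions before anyone is accused of selling their login.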

Lapsus$ may have been active as early as mid-2021, when group members were posting in underground forums, according to Joshua Shilko, a senior principal analyst at cybersecurity firm Mandiant Inc. "They're after the limelight. They want to be in the spotlight," he said, adding that research suggests they are also driven by money.

Okta Chief Executive Officer Todd McKinnon responded to the Lapsus$ claim on Twitter, saying the issue stemmed from a January security incident.

On Tuesday, Okta Chief Security Officer David Bradbury described a five-day window in January during which an attacker had access to a laptop belonging to a support engineer at a third-party vendor. At the time, Okta had detected what it recorded as an unsuccessful hacking attempt, according to Bradbury. Okta's stock dropped more than 8% on Tuesday before recovering nearly all of its losses.

The group's Telegram channel, which published a series of screenshots it said were proof of the attack, stated that Okta itself was not the ultimate objective: "BEFORE PEOPLE ASK: WE DID NOT ACCESS/STEAL ANY DATABASES FROM OKTA – our exclusive emphasis was on okta consumers."

The group’s tactics are “very strange,” according to Brett Callow, a threat analyst at cybersecurity firm Emsisoft. “Suggest that they may be kids who are in it for the lulz as much as they are for the dollars,” he said. (“Lulz” is a shortened version of LOL, which stands for “laugh out loud.”)

According to Allan Liska, an intelligence analyst at threat-intelligence firm Recorded Future, the group's early activity suggested that at least some of its members were in Brazil, since that was the home country of many of the organisations it attacked. Membership in such hacking collectives is fluid, Liska said. Recorded Future has seen no activity from alleged Lapsus$ members on the major Russian-language forums.

"They appear to be hilariously terrible at times, but then they expose Microsoft source code," he said. "It's possible that this is the same mix of extremely talented members and a few fools. Every now and again, even idiots achieve success."

Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.
