
Lapsus$ – a group of teenage hackers who attacked a series of tech companies

Most members of Lapsus$ are believed to be teenagers, but the group has caused problems for many big companies such as Microsoft, Samsung, Nvidia…

“I want to send a message to EA through you,” someone wrote in a chat with Joseph Cox, a reporter for Vice, in May 2021 after EA was hacked. “Want to know what the motive of our hacking is? It’s money, right?”

The group was then determined to be holding vast amounts of data from gaming company Electronic Arts (EA), including a series of hit games such as FIFA Online, as well as Frostbite development tools.

“The hacker group wanted to extort money from EA but it was unbelievably awkward. They didn’t know who to send the request to, and ended up seeing me as a journalist to act as their guide. A reckless attempt,” Cox commented.





Lapsus$ members are young but are not afraid to openly attack big companies. Photo: Cyber Kendra


Since the hack against EA, Lapsus$ has become one of the most well-known ransomware groups operating in the open. This sets the group apart from other hackers, who always try to hide themselves and limit disclosure of their identities.

However, Lapsus$ has only really received attention since December 2021. At that time, they carried out a series of attacks against the Brazilian Ministry of Health system, taking 50 TB of data. In January, they continued to target companies and organizations in South America and Portugal, including Vodafone.

Early last February, the Lapsus$ campaign turned truly alarming, hitting a series of major global technology companies such as Nvidia, Microsoft, Samsung… Okta, a San Francisco-based company that operates digital lock systems for individuals, organizations, businesses and government agencies, is the latest victim. According to TNW, the damage in Okta’s case is very serious, since more than 3,500 large companies around the world use this enterprise solution. Meanwhile, Okta acknowledged that 366 of its customers were affected by the attack.

How it works

According to Bleeping Computer, Lapsus$’s main objective in most attacks is extortion. But unlike hackers who use ransomware to encrypt data and demand ransom, this group often takes advantage of lapses by employees at the victim’s company, targets employee accounts, or pays people at the company to gain access. They then steal proprietary data and demand that businesses pay millions of dollars in return.

In fact, after Okta was hacked last week, David Bradbury, Okta’s Chief Security Officer, said hackers got into the system by remotely accessing the computers of third-party engineers. Microsoft also confirmed that one company admin account had been compromised and was then used to grant permission to another account for the hacking process. Several other victims also admitted that their systems were hacked through “insiders”.

Another technique adopted by the group is SIM swapping. According to CBC, the criminals exploit weaknesses at the network operator, or among operator staff, to copy the victim’s phone number. For online accounts that use two-factor authentication, password recovery information can be sent to the phone number. After copying the phone number, the attackers can take over the account. This type of attack was quite popular in the past and has recently been seen in the cryptocurrency field.

In addition, independent security researchers found that Lapsus$ had purchased stolen cookie data packages. Basically, hackers can “embed” this data into the victim’s browser, trick the system into treating them as a legitimate user, log into administrative accounts, and finally carry out the attack.
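As an added illustration (not part of the original article or of any vendor's tooling), the Python below shows one way a defender could spot a replayed session cookie in web access logs: the same session ID turning up on a second client. The log format, field names and sample lines are constructed for this example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: timestamp, session id, user, source IP, user agent.
SAMPLE_LOG = """\
2022-03-21T09:00:05Z,s-1001,alice,198.51.100.7,Firefox/98 Windows
2022-03-21T09:02:11Z,s-1001,alice,198.51.100.7,Firefox/98 Windows
2022-03-21T09:03:40Z,s-2002,admin,203.0.113.20,Chrome/99 macOS
2022-03-21T09:15:02Z,s-2002,admin,192.0.2.55,Chrome/97 Linux
2022-03-21T09:16:30Z,s-2002,admin,203.0.113.20,Chrome/99 macOS
2022-03-21T09:20:00Z,s-3003,bob,198.51.100.9,Safari/15 iOS
2022-03-21T09:45:00Z,s-3003,bob,198.51.100.200,Safari/15 iOS
"""

def parse(log_text):
    """Parse the constructed CSV format into a list of event dicts."""
    fields = ["ts", "sid", "user", "ip", "ua"]
    return list(csv.DictReader(io.StringIO(log_text), fieldnames=fields))

def find_replayed_sessions(events):
    """Return findings for sessions whose cookie shows up on a second client.

    'changed'    : the session moved to a new (IP, user agent) pair, which can
                   also be a legitimate network change and needs triage.
    'concurrent' : the first client kept using the session afterwards, so two
                   clients hold the same cookie at once (strong replay signal).
    """
    seen = defaultdict(list)   # sid -> ordered (ip, ua) pair of each request
    users = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        seen[e["sid"]].append((e["ip"], e["ua"]))
        users[e["sid"]] = e["user"]
    findings = []
    for sid, clients in seen.items():
        first = clients[0]
        others = [i for i, c in enumerate(clients) if c != first]
        if not others:
            continue           # session stayed on one client throughout
        # Did the original client appear again after a different one?
        returned = first in clients[others[0]:]
        findings.append({"sid": sid, "user": users[sid],
                         "severity": "concurrent" if returned else "changed",
                         "clients": sorted(set(clients))})
    return findings

if __name__ == "__main__":
    for finding in find_replayed_sessions(parse(SAMPLE_LOG)):
        print(finding)
```

In practice the "concurrent" findings on administrative accounts are the ones to escalate first, and the response is to revoke the session server-side rather than only resetting the password.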

Microsoft also found that Lapsus$ tried to use password-stealing software. The group also exploits unpatched vulnerabilities to gain deeper access inside the target system.

Young but dangerous

Despite the sophisticated methods of attack, evidence suggests that those behind them are teenagers. According to Bloomberg, a key member of the group is 16 years old and lives in Oxford. British police last week also arrested 7 people aged 16 to 21, suspected of being members of Lapsus$.

There is a lot of evidence that this hacker group’s attack methods are full of holes, even amateurish. Microsoft says it has been tracking the group for some time under the code name DEV-0537.

“Unlike other professional hackers, DEV-0537 doesn’t appear to be hiding its tracks,” Microsoft said on its blog. “They easily leak information through announcements of attacks on social networks.”

Security experts at cybersecurity analytics firm Silent Push agree. “The group seems to be inexperienced kids but want to prove themselves through blackmail attacks,” expert Inês Vestia commented to Vice.

Lapsus$ currently has two Telegram channels. On the first channel, only admins post information, mainly sharing attack details or download links for released data. The second channel is a place to chat where anyone can comment, and it currently has more than 10,000 members.

“Lapsus$ has a strange hobby that as many people as possible want to know about,” said Joshua Shilko, an analyst at cybersecurity firm Mandiant. “They’re also not afraid of being tracked down.”

With Lapsus$ carrying out a series of attacks on major tech companies without fear, many other businesses fear they will be the next target. According to Microsoft, organizations and individuals can protect their own systems by strengthening multi-factor authentication (MFA) security, end-to-end encryption, monitoring, and protection when using cloud data, and above all by raising awareness among system operators against being bribed.

Bao Lam

Blogtuan.info. Source: vnexpress.net
