Lapsus$

Lapsus$ is a hacking group that rose to notoriety when it launched a ransomware attack against the Brazilian Ministry of Health in December 2021. This attack effectively compromised millions of COVID-19 vaccination data records. Lapsus$ continues to target technology companies with additional malicious activity impacting Samsung, Nvidia, Microsoft, and Vodafone. Lapsus$ also appears to have hit Ubisoft’s services and OKTA, although with minimal impact, and Lapsus$ may also have been involved in attacks on EA Games. Lapsus$ may be behind other attacks, including a breach of T-Mobile’s systems and stolen source code and data from an Apple Health partner. Currently, there are no indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs) that can decisively pinpoint Lapsus$ as a potential attacker. Mitre Att&ck does not yet list the Lapsus$ threat group.

This week, Lapsus$ is unfortunately back in the spotlight yet again. Uber believes that a hacker associated with Lapsus$ may have breached some of Uber’s internal systems. The good news is that Lapsus$ does not appear to have compromised any customer or user data during this event. In rapid response, Uber took several internal systems offline, including Slack, Amazon Web Services, and the Google Cloud Platform. Uber is obviously in close contact with the FBI and US Justice Department as the investigation unfolds. However, Uber confirmed that the hacker downloaded internal Slack messages and data from a tool used in finance for invoice management.

Lapsus$’s primary goal is fame and notoriety instead of financial gain.

Lapsus$ Group doesn’t seem to utilize malware or custom tools in breached victim environments, nor do they generally encrypt data and extortion. Most of the Lapsus$ initiative is focused on social engineering and stolen credentials. They’re disarmingly bold. They directly solicit employees on Telegram to get their login credentials. Furthermore, they target prominent and vital industries such as gaming and software. Worst of all, their social engineering works—they repeatedly gain the willing cooperation of the targeted organization’s members! Don’t confuse Lapsus$’s search for fame with an absence of malicious damage. Lapsus$ has, at times, been quite destructive. Some Lapsus$ attacks have been quite debilitating for the targeted organizations, with data destroyed and hundreds or more virtual machines similarly destroyed.

Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels across many industries and from around the world.