While governments fear that Russia may be preparing major cyberattacks to accompany a conventional 21st-century war, other hackers are robbing major tech companies blind. Lapsus$, a group thought to be based in South America but which could be operating from anywhere, has made headlines these past few weeks by stealing large portions of source code from big tech companies and publishing it online.
In February 2022, Nvidia, the US chip and graphics card maker, confirmed that a "cybersecurity issue" had led to the theft of about a terabyte of sensitive data, including employee information, drivers and firmware. Lapsus$ exfiltrated it over the course of a week through the VPN account of an Nvidia employee, a reminder that a single set of remote-access credentials is often all an intruder needs. The group had a very specific demand: that Nvidia remove the limits on cryptocurrency mining that big tech companies now build into consumer graphics hardware.
A week later, Lapsus$ published its latest catch: 190 GB of source code stolen from Samsung, relating to its Galaxy devices. More specifically, the group took large amounts of sensitive code used to manage security on Galaxy devices: biometric unlocking algorithms, access control keys, activation code, and more.
Lapsus$ has existed, under that name, since 2020. Some say that in its early days its targets and exploits were more modest and limited to Portuguese-speaking victims. The Nvidia and Samsung data was presumably published because the companies refused to pay a ransom, but that has not been confirmed. In January, the group broke into the Portuguese media group Impresa and posted its ransom demand on the group's own websites. Brazil's health ministry was also a victim of Lapsus$'s aggressive modus operandi and lost sizable amounts of data in the process.
Ironically, Lapsus$ is gaining an Anonymous-like popularity, as the group has developed a social media strategy that generates attention and participation. It released the stolen source code mentioned above through a Telegram channel, which it also uses to state its demands and to poll followers on which targets should be next. Through the same Telegram channel, Lapsus$ recruits company insiders willing to share their access to their employer's network (VPN, Citrix or similar remote-access credentials). "You will be paid," those messages conclude.
Lapsus$ has also been rummaging through the sensitive data of LG and Okta. Okta is not a security vendor in the antivirus sense but an identity and access management provider: it handles single sign-on and authentication for hundreds of major multinationals. That is what makes it such a dangerous target. If an identity provider is compromised, whoever controls it can potentially log in as its customers' own users, so Lapsus$ could then work its way into almost any large company that relies on Okta.
Ubisoft also fell victim to Lapsus$, and the latest target was Microsoft, from which Lapsus$ claims to have stolen 37 GB of sensitive data that it posted on its Telegram channel a few days ago.
Naturally, the group operates in hiding, anonymously. In early March, the group released a hacked list of cybercriminals in which one of its own members is supposedly identified. Such a naive self-doxxing would hardly be expected from a group of experts, but the playfulness of the bunch is entertaining. On the one hand, cybersecurity experts consider the group's way of operating immature; on the other, Lapsus$ has caused so much mayhem in the tech industry, in such a blitzkrieg fashion, that the apparent lack of maturity looks more like a disguise than a real lack of discretion.