Meet Lapsus$, the alleged hackers behind the Uber breach

• Uber said the hacker purchased a contractor's leaked credentials from the dark web and then spammed the contractor with two-factor authentication requests on their phone until they accepted one.
• This tactic is a staple of the Lapsus$ group's work, according to Microsoft.
• The group's goal is to use stolen login credentials to steal company data — especially source code — and impose demands on the victim to stop the group from leaking stolen info.

The big picture: Lapsus$ has been relatively quiet since receiving law enforcement attention in March.

• London police arrested seven teenagers believed to be connected to Lapsus$ hacks, including those targeting Microsoft, Nvidia, Okta, Samsung and T-Mobile.
• Following the March arrests, the group posted in a Telegram channel that it was going on vacation.

The intrigue: Uber acknowledged the hacker has also claimed responsibility for a data breach this weekend at Rockstar Games.

• The intruder posted 90 videos of footage from the upcoming Grand Theft Auto VI.

Catch up quick: Before prosecutors deduced that teenagers are behind Lapsus$, many researchers believed they were actually an up-and-coming Brazilian ransomware gang.

• The gang's early focus late last year on Portuguese-language organizations — including Brazil's health ministry and South American telcos Claro and Embratel — misdirected some onlookers.

What they're saying: "The incident had a Lapsus$ feel to it, so it’s not surprising that Uber is pointing a finger at the group," says Brett Callow, a threat analyst at Emsisoft, noting that the group pursues attacks that will bring it attention.

• "That’s why Lapsus$ creates a significant challenge for defenders: Financially motivated cyber criminals are predictable, whereas (partly) ego-motivated criminals are not — and that means companies' playbooks may be of little help," Callow adds.

Sign up for Axios’ cybersecurity newsletter Codebook here.