Sep 20, 2022 - Technology

Meet Lapsus$, the alleged hackers behind the Uber breach

The data-extortion group outed earlier this year as a group of teenagers seems to be making a comeback.

Driving the news: Uber said Monday that it believes last week's hack of its systems is affiliated with the Lapsus$ hacking group.

  • Uber said the hacker purchased a contractor's leaked credentials from the dark web and then spammed the contractor with two-factor authentication requests on their phone until they accepted one.
  • This tactic is a staple of the Lapsus$ group's work, according to Microsoft.
  • The group's goal is to use stolen login credentials to steal company data — especially source code — and impose demands on the victim to stop the group from leaking stolen info.

The big picture: Lapsus$ has been relatively quiet since receiving law enforcement attention in March.

  • London police arrested seven teenagers believed to be connected to Lapsus$ hacks, including those targeting Microsoft, Nvidia, Okta, Samsung and T-Mobile.
  • Following the March arrests, the group posted in a Telegram channel that it was going on vacation.

The intrigue: Uber acknowledged the hacker has also claimed responsibility for a data breach this weekend at Rockstar Games.

  • The intruder posted 90 videos of footage from the upcoming Grand Theft Auto VI.

Catch up quick: Before prosecutors deduced that teenagers are behind Lapsus$, many researchers believed the group was actually an up-and-coming Brazilian ransomware gang.

What they're saying: "The incident had a Lapsus$ feel to it, so it’s not surprising that Uber is pointing a finger at the group," says Brett Callow, a threat analyst at Emsisoft, noting that the group pursues attacks that will bring it attention.

  • "That’s why Lapsus$ creates a significant challenge for defenders: Financially motivated cyber criminals are predictable, whereas (partly) ego-motivated criminals are not — and that means companies' playbooks may be of little help," Callow adds.
