Meet Lapsus$, the alleged hackers behind the Uber breach
The data-extortion group outed earlier this year as a group of teenagers seems to be making a comeback.
- Uber said the hacker purchased a contractor's leaked credentials from the dark web and then spammed the contractor with two-factor authentication requests on their phone until they accepted one.
- This tactic is a staple of the Lapsus$ group's work, according to Microsoft.
- The group's goal is to use stolen login credentials to steal company data — especially source code — and impose demands on the victim to stop the group from leaking stolen info.
The big picture: Lapsus$ has been relatively quiet since receiving law enforcement attention in March.
- London police arrested seven teenagers believed to be connected to Lapsus$ hacks, including those targeting Microsoft, Nvidia, Okta, Samsung and T-Mobile.
- Following the March arrests, the group posted in a Telegram channel that it was going on vacation.
The intrigue: Uber acknowledged the hacker has also claimed responsibility for a data breach this weekend at Rockstar Games.
- The intruder posted 90 videos of footage from the upcoming Grand Theft Auto VI.
Catch up quick: Before prosecutors deduced that teenagers are behind Lapsus$, many researchers believed they were actually an up-and-coming Brazilian ransomware gang.
- The gang's early focus late last year on Portuguese-language organizations — including Brazil's health ministry and South American telcos Claro and Embratel — misdirected some onlookers.
What they're saying: "The incident had a Lapsus$ feel to it, so it’s not surprising that Uber is pointing a finger at the group," says Brett Callow, a threat analyst at Emsisoft, noting that the group pursues attacks that will bring it attention.
- "That’s why Lapsus$ creates a significant challenge for defenders: Financially motivated cyber criminals are predictable, whereas (partly) ego-motivated criminals are not — and that means companies' playbooks may be of little help," Callow adds.
Sign up for Axios’ cybersecurity newsletter Codebook here.