Dec 2, 2022 - Technology

DHS board starts investigating Lapsus$ teen hacker group

Illustration of an extra long arm holding a magnifying glass over a lone computer.

Illustration: Aïda Amer/Axios

A group of federal cyber advisers is putting a suspected teen hacking group under the microscope in the second investigation ever conducted by the Cyber Safety Review Board.

Driving the news: The Department of Homeland Security review board — a group of 15 federal government and private-sector cyber experts — announced Friday morning that it will study and provide recommendations to fend off the hacking techniques behind the Lapsus$ data extortion group.

The big picture: Lapsus$, which has been outed as a teenage hacking group, is believed to be behind data breaches at Uber, Rockstar Games, Microsoft, Okta and other major companies earlier this year.

  • Data extortion groups break into a company's systems, steal prized information like source codes, and then demand a payment from the company to stop them from leaking the stolen information.
  • Specifically, Lapsus$ targets companies through MFA fatigue, where they use stolen login credentials to log in to a network and then spam account owners with two-factor authentication requests on their phones until they accept one.
  • Suspected members of the gang are believed to be based in the U.K. and have been arrested several times throughout the year.

Catch up quick: DHS created the Cyber Safety Review Board in February to study and provide insights into some of the country's most formative and widespread cyberattacks and data breaches.

Between the lines: The board does not have any regulatory powers, cannot compel companies to cooperate, and only provides recommendations and lessons learned from the incidents it studies.

  • As part of the review, the board will reach out to affected companies, but it's unclear who will cooperate at this time, board chair and DHS official Rob Silvers told reporters.

What they're saying: "The ongoing Lapsus$ hacks represent just the type of activity that merits a fulsome review," said DHS Secretary Alejandro Mayorkas during a press call.

What's next: Silvers said the board is in the early days of its review, and it's still determining its timeline for completing the Lapsus$ investigation.

Sign up for Axios’ cybersecurity newsletter Codebook here.

Go deeper