EA, Nvidia, Samsung, Ubisoft, Microsoft. All victims of a hacking group that has been breaking into the servers of some of the largest companies in the world. But when London police arrested seven likely members of the collective, it became clear who the Lapsus$ hackers really are: a group of British teenagers between 16 and 21 years old. Kids who are hacking some of the most important targets in the world. But who are the hackers of the Lapsus$ group, and what do they want?
Who are the hackers of the Lapsus$ group
In the past couple of years we have talked far more often about hacker attacks against large companies, made more vulnerable because they did not roll out remote working securely. And in the last month we have reported on the cyber war between the Kremlin and hacker collectives such as Anonymous or the IT Army of Ukraine.
So when the news of the hacker attacks on Microsoft, Okta, Samsung and Nvidia arrived, many commentators assumed it was another chapter of a global cyber conflict. The astonishment was therefore enormous when London police arrested seven teenagers accused of being members of the group, led by a boy who is only 16 years old.
The rise of this group has been lightning-fast and devastating. And the goal has nothing to do with geopolitics: it is about money. But maybe not only that.
From the beginnings to the attacks on the largest world groups
If the hits they have landed are striking, their inexperience can often be read in Lapsus$'s plans. Vice reporter Joseph Cox saw this first-hand, and in his article he tells how he came into contact with the hackers. Cox had reported the news of the attack suffered by Electronic Arts (EA), in which they had stolen a large amount of data. Among it was the FIFA source code and the Frostbite game engine, as well as many developer tools. A huge haul, which they did not know exactly how to manage.
Cox then received a message: "I want to send a message to EA through you." The group had no idea how to contact the company, so they asked the reporter who had broken the news, hoping that he could provide the contacts of some executive. They wanted to extort money but did not know who to send the ransom e-mail to.
Cox did not forward the information, refusing to act as an intermediary for criminal activity and contacting the authorities instead. But he took advantage of the moment to ask a few questions: after all, he is not a hacker henchman, but a journalist. The most 'naive' question for the hackers seems to be about their motive: "What is the motive for the hack? Obviously the money, right?" they reply.
Raw but effective methods
The group continued hitting ever larger and more important companies in the IT world. Microsoft, Okta and Nvidia provide services to a huge number of technology companies, so a breach of any of them has the potential to open the door to many further attacks (although IT teams are working to prevent this). Yet their methods are not particularly sophisticated. Indeed, they are among the most widely used in the world of cybercrime.
Expert analysis shows the teen hackers gained access by sending phishing e-mails to some employees of the companies, convincing them to download malware, or by otherwise stealing their credentials. Or they bought, on the dark web, passwords and access codes that some other hacker had stolen for them.
The hackers of the Lapsus$ group used social engineering techniques to gain access to the accounts of these large companies. Sometimes they used SIM swapping, redirecting messages intended for a company employee's phone number to a SIM they controlled, in order to receive password resets or two-factor authentication codes. For these hits it may also have been useful to have previously attacked some telecommunication companies, such as Vodafone Portugal.
However, in the latest attacks the hackers have shown that they can use more sophisticated methods once access has been obtained through social engineering: for example, software to steal passwords and the exploitation of system vulnerabilities, as Microsoft itself describes in its analysis of the attack it suffered.
Who are the Lapsus$ hackers and how do they advertise themselves
The escalation in the targets Lapsus$ has been able to hit seems evident, with each new hit more effective and sensational than the last. Although, in hindsight, some analysts said that the signs of inexperience were visible. For example, one of the ransom demands made to Nvidia was to resell Bitcoin mining graphics cards.
But something the hackers have excelled at is the ability to draw attention to themselves. The collective uses two Telegram channels: one where only the group can post announcements of its hits and links for downloading stolen data, and another that is a chat in which they talk to their 'audience', which also includes journalists interested in understanding the dynamics of the group. That chat has more than 10 thousand members, who mostly post memes and tease members of the group.
Lapsus$, however, also uses this chat to ask its 'fans' which companies to attack next, bragging about its hits as if publicity were an end in itself. Making these attacks public can make it less likely that a company will pay the requested ransom. Being notorious can be an obstacle to getting rich in the hacker world, but the Lapsus$ teenagers seem willing to make that trade-off.
Too many powerful enemies
After the attack on Okta, which manages the authentication keys of large companies but also of governmental organizations in the USA, even CISA (the Cybersecurity and Infrastructure Security Agency) set its sights on the group, joining the Brazilian authorities, who had been on the case since the attack on the Ministry of Health.
But according to Bloomberg, the British boys may have been identified by a team of cybersecurity researchers hired by the attacked companies in recent weeks.
London police arrested seven people, only to release them while keeping them under investigation. This may have caught the core of the Lapsus$ hacker group. But at the moment it seems impossible to assess whether all the hackers involved are under investigation. Above all, it remains impossible to assess whether there are other members, or would-be cybercriminals 'inspired' by Lapsus$. Of the ten thousand members of the Telegram channel, not all are journalists and police officers.