LAPSUS$ Hacking Group Has Targeted Massive Tech Companies, But Who Are They?


For months now, a band of cybercriminals who call their group LAPSUS$ has been targeting the tech companies of Silicon Valley. The hackers have targeted Microsoft, Nvidia, Samsung, Ubisoft, and Okta, the most recent victim.

Who is LAPSUS$?

LAPSUS$ has reportedly wormed its way deep into the tech companies' networks, where it stole pieces of source code, which is the digital DNA of proprietary software.

After that, the hacking group always leaked the code online, exposing the vulnerable victims and spilling company secrets too.

Security experts who investigated the hacks carried out by LAPSUS$ said that the group is not composed of hardened cybercriminals.

The members of the infamous hacking group are allegedly minors. On Mar. 24, Bloomberg reported that the British authorities announced the arrest of 7 people allegedly connected to the group.

Authorities revealed that the suspects were 16- and 17-year-old teens. The leader of LAPSUS$ is said to be a 16-year-old British teen from Oxford, England, according to Gizmodo.

The hacker, who goes by the name "White," recently had his identity leaked on the internet by a rival cybercrime faction. In short, after a string of victories and a lot of notoriety, things did not go well for the group.

Microsoft's Threat Intelligence Center researchers said that, unlike most groups that stay under the radar, LAPSUS$ does not cover its tracks.

The hacking group would announce their attacks online and would post about their intent to buy credentials from employees of tech companies.

LAPSUS$ Stunts

Before hacking the massive Silicon Valley companies, LAPSUS$ spent January 2022 pulling many juvenile cybercrime stunts, the likes of which seemed less about making money than having anarchic fun.

In one of its first hacks of the year, the group hacked a Brazilian car rental company, redirecting the business' homepage to a porn website for hours, according to ZDNET.

In another incident, the hackers took over a Portuguese newspaper's verified Twitter account and tweeted that LAPSUS$ is the new president of Portugal.

Early reporting on LAPSUS$ attempted to categorize the hacking group as a ransomware gang because of its habit of leaking stolen data. However, LAPSUS$ never really used ransomware.

The hacking group has operated purely through an extortionist model. Instead of encrypting the victims' data, the hacking group steals it, then threatens to leak it if its ransom is not paid.

This is seen as an odd and clumsy variation on the ransomware industry's double extortion model, which uses the twin threats of data encryption and leakage to goad victims into paying.

In general, most ransomware gangs operate like shadow versions of corporations, deploying organized digital machinery toward theft and extortion.

LAPSUS$'s hack of Okta proves that the group did not do it for ransom, as the group posted screenshots of the incident online and did not ask Okta for any money in return.

On Mar. 22, Microsoft confirmed it was hacked by LAPSUS$ after the group released stolen data.

This article is owned by Tech Times

Written by Sophie Webster
