What is Lapsus$? Cyberattacks of the Lapsus$ hacker group

Even relatively small, less organized groups of threat actors can pose a serious threat to businesses and government entities. One such group, Lapsus$, has gained notoriety for its bold social engineering attacks and data extortion tactics. Here’s what you need to know about Lapsus$ and how to protect sensitive data from this hacker group.

Feb 11, 2025

6 min read

The Lapsus$ hacker group: Everything you need to know

What is the Lapsus$ hacker group? 

Lapsus$ is an international hacker group known for data extortion. The group is thought to be a loose organization of hackers best known for its cyberattacks on government agencies and companies. 

While the overall structure of Lapsus$ remains unclear, law enforcement agencies have arrested several individuals linked to the group, including a suspected teenage leader in the UK. Despite being seen as less sophisticated than state-sponsored groups, Lapsus$ has successfully breached major companies like Microsoft, Nvidia, and Okta using tactics such as social engineering and SIM swapping. 

How do Lapsus$ data extortion attacks work? 

Lapsus$ often forgoes traditional malware and instead focuses on data extortion attacks, threatening individuals or organizations with the release of stolen data to force payment.

Data extortion attacks target an entity's cybersecurity vulnerabilities to gain access to its systems and steal enough sensitive data to extort a payout. After Lapsus$ has breached an organization's system, the hackers threaten it with exposure of sensitive data unless it's willing to pay a ransom.

Lapsus$ uses various techniques, methods, and procedures to execute attacks but is particularly known for specific tactics, including:

  • Social engineering attacks, including phishing, spear phishing, and vishing, to steal credentials
  • Infiltrating personal email accounts of victims to steal personal information and secure credentials 
  • SIM-swapping attacks (including SIM splitting and SIM swapping) to enter a victim’s email and reset passwords or bypass multi-factor authentication
  • Bribing corrupt suppliers, employees, or business partners of targeted organizations for secure MFA tokens or stolen credentials
  • Extorting individuals or companies to avoid the release of stolen data or credentials

The latest Lapsus$ hacker group attacks

Lapsus$ regularly makes headlines for its data extortion attacks on big businesses and government agencies. Here are the hacking group's latest and most famous attacks on large tech companies:

Nvidia

Lapsus$ hackers are held responsible for the Nvidia breach which happened back in 2022. The group stole employee credentials and proprietary information. In March, the gang released information on 71,000 employee accounts. 

Samsung

Along with other cyberattacks in March 2022, the hacker group Lapsus$ is believed to have successfully hacked Samsung. During the attack, it stole source code for Galaxy devices and internal company data. The hacking group then distributed almost 200 GB of Samsung’s stolen data. 

Ubisoft

Reports from Ubisoft claim Lapsus$ hackers compromised its cybersecurity systems, but the company believed its customer data was not stolen during the incident. Ubisoft investigated the attack but released no further information.

Microsoft

Microsoft revealed a cybersecurity incident in March 2022 in which a single account was breached and source code for its products was stolen. Lapsus$ was believed to be responsible for the breach because the group published a 37 GB file containing part of the stolen source code.

Okta

In January 2022, the Okta team announced that the hacker gang Lapsus$ had breached its internal systems and used Telegram's messaging app to threaten the release of Okta users' identities and sensitive information. The company released a statement sharing that it was conducting an investigation into the breach and its impact on its customers. Okta determined approximately 2.5% of its customers were affected by the cyberattack. 

Globant

Globant’s software service was breached in March 2022, and it’s reported that 70 GB of source code was stolen from Globant’s customers. Lapsus$ claimed responsibility for the hack and released screenshots of Globant’s directory with customer details.

Vodafone

Lapsus$ is thought to have been behind the cyberattack on Vodafone in early 2022. Vodafone reports that its proprietary source code was stolen, but attackers did not obtain customer data after they gained access to its system. The company launched an investigation with law enforcement to verify the source of the theft, but it did not release follow-up information on the attack. 

Uber

Reports from Uber indicate that a hacker connected with Lapsus$ was at fault for a breach of its internal systems on September 15th, 2022. Uber claims that no customer or user data was stolen during the attack. 

Rockstar Games

Source code and early development footage for Rockstar Games' Grand Theft Auto VI (GTA VI) were stolen and leaked by a Lapsus$ member. Arion Kurtaj, believed to be a key member of Lapsus$, stole and released 90 clips of an unreleased version of Grand Theft Auto VI. Two members of Lapsus$ were found guilty in court of hacking organizations such as Rockstar Games.

T-Mobile

During its March 2022 crime spree, Lapsus$ is also believed to be responsible for a breach of T-Mobile. The hacking group accessed T-Mobile’s systems multiple times to steal source code for company projects. T-Mobile believes customer and government data was not compromised.

How to prevent cyberattacks

While there is no “perfect strategy” to prevent a cyberattack, you can take various measures to protect yourself:

  • Follow zero trust security. Zero trust is a cybersecurity strategy designed to protect networks and data from cyberattacks. When someone logs in to your systems, they must authenticate and verify themselves to gain access. This ensures that sensitive data stays out of hackers' hands and prevents criminals from accessing internal systems.
  • Require strict multi-factor authentication (MFA). MFA is a form of extra security known to reduce cyberattacks. When users log in to your system, it will use various authentication methods, such as passwords, PINs, and face scans, to verify their permission to access it. 
  • Implement strong security measures. Other security tools, such as antivirus software and firewalls, are great for preventing attacks. Antivirus software can perform regular sweeps of your system and alert you if it detects malicious code or malware. Firewalls monitor network traffic and protect your system from hackers trying to gain unauthorized access.
  • Schedule software updates. Software updates offer protection against known cybersecurity vulnerabilities. New software may patch known weaknesses in your security system before a hacker notices them. 
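
Because the SIM-swapping tactic described earlier works by resetting a password over the phone channel and then defeating MFA, the following added example (not part of the original article) flags accounts where an SMS or voice password reset is followed within minutes by enrollment of a new MFA factor. The event names, tuple layout, and 15-minute window are assumptions made for illustration, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Recovery channels an attacker controls once a SIM swap succeeds.
SIM_DEPENDENT = {"sms", "voice"}

# Constructed sample events: (timestamp, user, action, detail).
# Action and detail names are hypothetical, not any product's log schema.
SAMPLE_EVENTS = [
    ("2025-02-01T09:00:00", "alice", "password_reset", "sms"),
    ("2025-02-01T09:04:00", "alice", "mfa_enroll", "totp"),
    ("2025-02-01T10:00:00", "bob", "password_reset", "security_key"),
    ("2025-02-01T10:02:00", "bob", "mfa_enroll", "totp"),
    ("2025-02-02T08:00:00", "carol", "password_reset", "sms"),
    ("2025-02-03T08:00:00", "carol", "mfa_enroll", "totp"),
]


def find_reset_then_enroll(events, window=timedelta(minutes=15)):
    """Return (user, reset_time, enroll_time) for every new MFA factor
    enrolled within `window` of a password reset over SMS or voice."""
    last_sim_reset = {}  # user -> time of most recent SMS/voice reset
    alerts = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ts, user, action, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "password_reset":
            if detail in SIM_DEPENDENT:
                last_sim_reset[user] = when
            else:
                # A reset over a non-phone channel clears the pending state.
                last_sim_reset.pop(user, None)
        elif action == "mfa_enroll" and user in last_sim_reset:
            reset_at = last_sim_reset.pop(user)
            if when - reset_at <= window:
                alerts.append((user, reset_at, when))
    return alerts


if __name__ == "__main__":
    for user, reset_at, enroll_at in find_reset_then_enroll(SAMPLE_EVENTS):
        print(f"review {user}: reset {reset_at}, new factor {enroll_at}")
```

An alert here is a prompt for review rather than proof of compromise, since legitimate users also reset passwords and re-enroll factors after replacing a phone.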

Ugnė Zieniūtė

Ugnė Zieniūtė is a content manager at NordVPN who likes to research the latest cybersecurity trends. She believes that everyone should take care of their online safety, so she wants to share valuable information with readers.