Lapsus$: An ‘Unorthodox’ Threat Group
Lapsus$ emerged only last year, with Mandiant researchers first noticing the group's activity on underground forums in July 2021. Since then, the group has broadened its targeting, compromising the Brazilian Ministry of Health, South American telecommunications organizations and Portuguese media companies.
Joshua Shilko, senior principal analyst at Mandiant, said that, based on incidents researchers have observed, Lapsus$ appears to rely on stolen credentials and has used publicly available tooling and publicly available malware. However, Lapsus$ is “unorthodox” in that the group is “a bit noisy” and doesn’t follow the typical post-intrusion framework, he said.
The group is known for extorting its victims by threatening to leak companies’ sensitive data unless they pay up; however, “it doesn’t always seem to be just about money to them,” said Shilko. For instance, after targeting Nvidia, Lapsus$ demanded that the company remove its Lite Hash Rate (LHR) feature, which is meant to limit Ethereum mining performance on certain GPUs, and also asked Nvidia to open-source its GPU drivers for macOS, Windows and Linux.
“In spite of those things, ultimately they’ve been successful in getting access to these large, well-resourced companies,” said Shilko.
The group is also unique in that it communicates with the public via a private Telegram channel, as opposed to the more traditional avenue of a data leak website that is preferred by many other cybercrime groups, said Morgan.
“Abusing a legitimate tool like Telegram ensures that Lapsus$’ data leak channel on the service will likely see minimal disruption, and that their victims’ identities can be exposed to anyone with an internet connection,” said Morgan. “Lapsus$ also runs polls on their data leak channel, providing members with the ability to decide whose data should be breached next; among cyber extortion groups, few also involve their followers or the public in such a direct manner.”