Bad start to the year for cybersecurity. In addition to the attacks that Nvidia, Samsung or Mercado Libre have suffered in recent weeks —not counting the rosary of hacks related to the war in Ukraine— a new episode is added, also starring a multinational from the technology sector. Ubisoft, a French firm dedicated to the video game industry and which includes Assassin’s Creed, Prince of Persia or Far Cry among its franchises, has just acknowledged “a cyber security incident”. Waiting for new data to be provided, the authorship points to the same hackers who acted in Nvidia or Samsung, the Lapsus$ group.
The event – Ubisoft does not speak of an attack – was recorded days ago and affected the multinational’s operations, but had not transpired until now. “Last week, Ubisoft experienced a cybersecurity incident which caused a temporary interruption of some of our games, systems and services. Our IT teams are working with leading external experts to investigate the issue,” highlights the Montreuil-based company, explaining that, “as a precautionary measure,” it has reset passwords across the company.
No impact on user data
Those responsible ensure that their games and services “work normally” and, at least for now, rule out that their users’ data could have been compromised: “There is no evidence that the player’s personal information has been accessed or that it has been have exposed”.
In its statement, Ubisoft does not clarify the origin or the person responsible for the episode. The one that does seem to have moved is already Lapsus$. The Verge assures that, yesterday, after the “incident” was revealed, Lapsus$ resorted to a Telegram channel supposedly managed by the hackers to insinuate that he is the author of the attack. Specifically, the group published an article about what happened at Ubisoft and accompanied it with a smiling emoji. When another user inquired about the incident, the hackers “confirmed” that they had not targeted the company’s customer data.
If verified, Lapsus$ would add the fourth new victim to its list in a matter of just a few weeks. The group of hackers, which according to the first indications would have its origins in Brazil, has already focused its efforts on Nvidia, Samsung and Mercado Libre. From the first, he obtained more than 70,000 employee credentials and the code of developments as recent and relevant as the future RTX 3090 Ti. In the case of Samsung, it leaked 190 GB of code from different mobiles. The Korean manufacturer confirmed the attack, which, incidentally, has helped to corroborate the capacity of the cybercriminal group.
Although his name has begun to become known now, especially after the attack on Nvidia, Lapsus$ has almost two years of experience behind him. His first steps date back to mid-2020 and throughout his history he has had Portuguese-speaking Brazilian companies or even the country’s Minister of Health among his targets. His attacks are published on Telegram and presents some characteristics that differentiate them from other groups of ransomware. In the case of Nvidia, for example, the hackers requested, among other measures, that the multinational eliminate the Lite Hash Rate (LHR) function, which limits the mining capabilities of Ethereum.
Cover Image | Map (Flickr)
George is Digismak’s reported cum editor with 13 years of experience in Journalism