The same group of cybercriminals has put Nvidia and Samsung in check within a few weeks. The group is Lapsus$, a mysterious outfit that publicizes its attacks on Telegram. Little is known about them: their first movements were in the middle of 2020, but only now have they jumped to the front page by targeting two giants of the technology world and putting their systems in trouble.
From Nvidia they managed to get hold of more than 70,000 company employee credentials, as well as the code from developments as recent as the future RTX 3090 Ti, threatening to release the source code of the drivers if the company did not agree to their demands.
From Samsung, they leaked a total of 190 GB of code from various of the manufacturer's mobile devices, from the bootloader to encryption algorithms. Samsung confirmed the incident, which shows that Lapsus$ is a real threat and a group with enough resources to access data at some Big Tech companies.
Another victim has been Mercado Libre. The company itself has confirmed the attack, which affects more than 300,000 users and Mercado Pago. According to its initial analysis, it has found no evidence that its infrastructure has been compromised or that the attackers obtained user passwords or financial information. The response is similar to the one offered by Samsung, which claims that the attackers have not obtained personal data, only internal information from its source code.
As described by TitanHQ, the ransomware is introduced through a phishing attack. This allows the cybercriminals to reach high-level internal systems and gain access to control panels or social network accounts, from which Lapsus$ has even published a tweet, as happened with SIC, the largest television channel in Portugal.
Lapsus$ movements point to Brazil
Lapsus$ has not yet acknowledged the cyberattack on Mercado Libre; however, it coincides in time with the latest poll published on its Telegram account, in which this very company was named as a target.
Along with Mercado Libre, Lapsus$ targets Vodafone and Impresa. There is no record of an attack on the operator, but Impresa, parent company of Portuguese media such as Expresso or SIC Noticias, has detected an intrusion in its systems, having to temporarily block its web pages.
Lapsus$ doesn’t seem to follow the trend of other ransomware groups. Instead of asking for a ransom to prevent the publication of the data, Lapsus$ tends to demand actions such as making it easier to mine cryptocurrencies, in the case of Nvidia.
Jon Andrews, VP of risk platform Gurucul, explains to Tech Monitor that Lapsus$'s motivations seem to go beyond pure extortion: “Lapsus$ has said in the past that their actions are not politically motivated, but the fact that they not only encrypt their victims’ data and demand a ransom indicates that they are not just looking for a quick profit. Rather, it appears that they have some kind of agenda, whatever it is”.
The origin of Lapsus$ is not confirmed and there is no record of any specific name belonging to the organization. However, there are several indications that point to Brazil as the place of origin of this group of cybercriminals.
The websites of two of the main media organizations in Portugal @expresso and @SICNews are down, after an apparent hacking, according to their parent company, Impresa. pic.twitter.com/la2Pi9JRgG
– Mia Alberti (@mialberti) January 2, 2022
One of them is the attack on the Portuguese media. This is consistent with the group's first notable appearance, which was in 2020, when they targeted the Brazilian Minister of Health, as explained by Xue Yin Peh, an analyst at Digital Shadows. In that attack the group claimed to have leaked 50TB of data. Subsequently, other Brazilian organizations and Portuguese-speaking companies such as Impresa, Claro, Embratel, NET and Localiza were their targets. That was last year, but in 2022 they have taken a huge leap by going up against tech giants like Nvidia or Samsung.
George is Digismak’s reporter cum editor with 13 years of experience in Journalism